#157 closed defect (fixed)
Fine grained permissions
Reported by: | anonymous | Owned by: | utopiste |
---|---|---|---|
Priority: | normal | Milestone: | 0.8.1 |
Component: | general | Version: | 0.6 |
Severity: | normal | Keywords: | permission |
Cc: | pbaker@… | Branch: | |
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
We should (somehow) support more fine grained access control, à la mod_authz_svn.
In fact, the configuration file format for authz is trivial, if not even directly compatible with Python's configfile parser… We could maybe use that directly, that'd be quite easy to set up.
Attachments (2)
Change History (22)
comment:1 by , 21 years ago
Severity: | normal → major |
---|---|
Version: | 0.5.2 → 0.6 |
comment:2 by , 21 years ago
Priority: | normal → high |
---|
Not to mention if you are using it commercially… Let's just say all the benefits of providing external access to this cool tool would be much more than negated. This is the only showstopper I see so far, to our usage.
comment:3 by , 21 years ago
Milestone: | → 0.8 |
---|
comment:4 by , 21 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:5 by , 21 years ago
For more information about this feature, consult the FineGrainedPermissions page.
comment:6 by , 21 years ago
Milestone: | 0.8 → 1.0 |
---|
comment:7 by , 21 years ago
Oops… Trac detected an internal error: authz read privileges required to view this file
wouhou :) (ok currently only in File.py, but it's a beginning)
Primary release in a few days
comment:9 by , 21 years ago
Duh, just noticed your patch. It looks nice, is this something you would like to have merged into trunk right now?
by , 21 years ago
Attachment: | mod_authz_perm_p1.2.patch added |
---|
work on trunk, initial changeset support
comment:12 by , 21 years ago
Patch merged into trunk.
A few comments:
- It looks like the current authzperm.py only supports sections of the format [repos-name:/path] and not [/path].
- authz_file option in trac.ini should support relative filenames (relative to the env directory)
- Should authz limit directory browser access as well?
- It might be a good idea to load/parse the file when it's modified and not on every request. But ConfigParser might be fast enough for us…
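Added example, not part of the ticket and not Trac's authzperm.py: a minimal Python reader for an authz-style file that accepts both [repos-name:/path] and [/path] sections, the two formats comment:12 mentions. The sample file, the function names and the precedence model (user, then group, then *, nearest section first, deny when nothing matches) are assumptions for illustration and are simpler than mod_authz_svn's own rules.

```python
import configparser
import posixpath

# Constructed sample authz file (not from the ticket).
SAMPLE_AUTHZ = """
[groups]
staff = alice, bob

[/]
* = r

[/theses]
* =
@staff = r

[projects:/theses/carol]
carol = rw
"""

def load_authz(text):
    # '=' is the only delimiter and case is preserved: user names are case-sensitive.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def _subjects(cp, user):
    """Names a rule line may use for this user: the user, their groups, then '*'."""
    groups = []
    if cp.has_section("groups"):
        for name, members in cp.items("groups"):
            if user in [m.strip() for m in members.split(",")]:
                groups.append("@" + name)
    return [user] + groups + ["*"]

def can_read(cp, repos, user, path):
    """Walk from path up to '/', trying [repos:/p] before [/p]; deny if nothing matches."""
    subjects = _subjects(cp, user)
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapses '..' and '//'
    while True:
        for section in (f"{repos}:{path}", path):
            if cp.has_section(section):
                for s in subjects:
                    if cp.has_option(section, s):
                        return "r" in cp.get(section, s)
        if path == "/":
            return False  # fail closed when no rule applies
        path = posixpath.dirname(path)
```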
comment:13 by , 20 years ago
I am checking the trunk version of Trac and it looks like the module does not seem to support authz groups.
comment:14 by , 20 years ago
Cc: | added |
---|
I have set up an authz access file for my trac installation and this feature does not seem to work. Nothing is logged to the trac.log about it. You should add some logging for when this feature is detected and used. That would really help out.
comment:15 by , 20 years ago
Should this be included in 0.8, or should we roll back the work so far and push it til 0.9?
How much work is still needed on this?
comment:16 by , 20 years ago
comment:17 by , 20 years ago
Keywords: | security added |
---|---|
Milestone: | 0.8 → 0.9 |
Priority: | high → normal |
Severity: | major → normal |
This feature can be used in the 0.8 release. I changed the milestone date to 0.9 because I have some more work to put into this feature (think group support and ACL caching) and I don't want to close this ticket.
FineGrainedPermissions was also updated to reflect this.
comment:19 by , 20 years ago
Milestone: | 0.9 → 0.8.1 |
---|---|
Resolution: | → fixed |
Status: | assigned → closed |
With the last patch, this should be stable enough to be used in the next version of Trac.
comment:20 by , 18 years ago
Keywords: | permission added; security removed |
---|
I just wanted to add that this missing feature can be a real showstopper. We're using Subversion as a service for computer science projects or bachelor/master theses at my university, and these get stored in one repository with usage of mod_authz for fine grained permissions. The problem is not the browser itself, which could certainly have some kind of access control via Apache, but with the changesets in the timeline this is simply not possible. This way it is possible to look into source code or theses without having the proper permission. As a result it is not possible to use Trac in a configuration like we have, which is really a pity!