The authz_policy.py sample is only a *sample*
|Reported by:||Owned by:||Christian Boos|
|Severity:||normal||Keywords:||authzpolicy TracPermissions TracFineGrainedPermissions perdirectory|
I had some trouble with setting up a policy where the anonymous user could see only the front page of the wiki (wiki/WikiStart), but not the rest of the wiki without further authorisation through logging in. I used the authz_policy.py and had the following in the associated authz file:
[groups] superdevs = me [wiki:WikiStart] anonymous = WIKI_VIEW [wiki:*] anonymous = [*] @superdevs = TRAC_ADMIN anonymous = MILESTONE_VIEW, ROADMAP_VIEW, TIMELINE_VIEW
According to the docs in the authz_policy.py file, order of the directives mattered. The first directive should have allowed anonymous visitors access to the front page, while the second directive dissallowed anonymous browsing of the rest of the wiki. Instead, this resulted in an error:
No handler matched request to /wiki/WikiStart
I talked to "aat" on the IRC channel and he came up with the following:
the issue is that trac checks for access to AT LEAST ONE resource in a realm by just checking if the user has the permission on <realm>
"aat" also provided a patch and stated that he would try and come up with something better soon.
Everyone seems to agree that someone should create a trac hack out of this. Anyone out there have copious amounts of free time for that?
Change History (16)
comment:12 by , 9 years ago
|Milestone:||next-minor-0.12.x → 0.12|
|Status:||assigned → closed|