Opened 16 years ago
Closed 16 years ago
#7631 closed defect (worksforme)
'authz_policy.py' does not work in the additional plugins directory specified in trac.ini
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | 0.11.1 |
| Severity: | normal | Keywords: | authz policy fine grained permission |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
'authz_policy.py' which works when it is in the project specific plugins directory does not work when it is moved into the additional plugins directory specified in 'trac.ini'
For a test, I set AuthzPolicy as only permission_policies in the [trac] section of 'trac.ini'.
... [inherit] plugins_dir = d:\pubs\trac\share\plugins ... [trac] ... #permission_policies = AuthzPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy permission_policies = AuthzPolicy ...
and 'authzpolicy.conf' as simple as shown below,
[wiki:TracGuide@*] admin = WIKI_VIEW anonymous = WIKI_VIEW
With all these setting, admin can access "/wiki/TracGuide" if 'authz_policy.py' is in the porject specific plugins directory while it does not work if 'authz_policy.py' is moved into the additional plugins directory ("d:\pubs\trac\share\plugins") specified in the [inherit] section of 'trac.ini'.
It displays the following error message.
Error: Forbidden
| WIKI_VIEW privileges are required to perform this operation on TracGuide |
Trac 0.11.1
Python 2.5.2
mod_python
Apache HTTPD 2.2.9
on Windows 2K3
Attachments (0)
Change History (7)
comment:1 by , 16 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
follow-up: 4 comment:2 by , 16 years ago
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
'authz_policy.py' was explicitly enabled in both cases by specifying 'authz_policy.* = enabled' in [components] section of trac.ini.
However the fine grained permission control rules did not apply if 'authz_policy.py' is moved into the additional plugins directory ("d:\pubs\trac\share\plugins") specified in the [inherit] section of 'trac.ini'.
comment:3 by , 16 years ago
Question: When moved, does the plugin show in the Admin Plugins panel? If you enable debug logging, does the plugin list as being loaded without errors?
comment:4 by , 16 years ago
Replying to jaychoi@…:
'authz_policy.py' was explicitly enabled in both cases by specifying 'authz_policy.* = enabled' in [components] section of trac.ini.
Ah, you didn't mention it in the description, so this was a likely cause.
However the fine grained permission control rules did not apply if 'authz_policy.py' is moved into the additional plugins directory ("d:\pubs\trac\share\plugins") specified in the [inherit] section of 'trac.ini'.
Make sure that the permissions are set correctly on your shared plugins directory. When you have enabled DEBUG logging as described above, please attach the part of the log that follows the first request to TracGuide after restarting Apache. Also, please attach your trac.ini.
comment:5 by , 16 years ago
| Keywords: | needinfo added |
|---|
comment:6 by , 16 years ago
Sorry for late reply. I didn't have chance to get my hands on Trac for last few weeks.
I just went through the procedure that I noted down while I found the problem last time but authz_policy.py worked just fine regardless of its location (shared plugin folder or site-specific plugin folder).
I will look into the issue when I have more time to investigate later and this ticket can be closed for now.
Sorry for mis info and thank you very much for all your efforts
Jae
comment:7 by , 16 years ago
| Keywords: | needinfo removed |
|---|---|
| Resolution: | → worksforme |
| Status: | reopened → closed |
Ok, thanks for the reply.
That's by design. If the plugin is not installed in the project environment, you have to enable it explicitly. Add the following to your
[components]section:This works here. See TracPlugins#Enablingtheplugin for more details. I'll add a comment to that section that it also applies to plugins installed in
plugins_dir.So this is an InstallationIssue.