Context Navigation

Modify ↓

#8565 closed enhancement (fixed)

authz should support group of groups

Reported by:	kris@…	Owned by:	Remy Blank
Priority:	normal	Milestone:	0.12
Component:	wiki system	Version:	none
Severity:	normal	Keywords:	permissions patch authzpolicy
Cc:	ryano@…	Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Christian Boos)

authz suggests it is possible to write:

[groups]
admin = one, two
users = three, four
everybody = @admin, @users

But this does not work the the standard version, here's a patch

*** authz_policy.py.orig	2009-08-13 00:51:26.000000000 +0000
--- authz_policy.py	2009-08-13 05:06:28.000000000 +0000
***************
*** 174,184 ****
--- 174,189 ----
                             self.get_authz_file())
          self.authz = ConfigObj(self.get_authz_file())
          self.groups_by_user = {}
+         groups = {}
          for group, users in self.authz.get('groups', {}).iteritems():
              if isinstance(users, basestring):
                  users = [users]
              for user in users:
+                 if user[0] == '@':
+                     users.extend (groups[user])
+                     continue
                  self.groups_by_user.setdefault(user, set()).add('@' + group)
+                 groups.setdefault('@'+group, []).append (user)
          self.authz_mtime = os.path.getmtime(self.get_authz_file())
  
      def normalise_resource(self, resource):

Attachments (0)

Change History (9)

comment:1 by Christian Boos, 15 years ago

Keywords:	authzpolicy added

comment:2 by Ryan Ollos <ryano@…>, 15 years ago

Cc:	ryano@… added

comment:3 by Remy Blank, 15 years ago

Owner:	set to Remy Blank

follow-up: 5 comment:4 by Christian Boos, 14 years ago

Description:	modified (diff)
Owner:	changed from Remy Blank to Christian Boos

Patch looks good (well, the content of the patch looks good, for the form of it, see TracDev/SubmittingPatches ;-) ).

Remy, I'll take it if you don't mind, as I'm working on the authz stuff now.

in reply to: 4 comment:5 by Remy Blank, 14 years ago

Replying to cboos:

Remy, I'll take it if you don't mind, as I'm working on the authz stuff now.

Sure, go ahead.

comment:6 by Remy Blank, 14 years ago

Resolution:	→ fixed
Status:	new → closed

Mutating the users list while iterating over it is not a good programming practice. I have taken a different (but equivalent) approach in [9401].

comment:7 by Remy Blank, 14 years ago

Owner:	changed from Christian Boos to Remy Blank

comment:8 by Remy Blank, 14 years ago

Resolution:	fixed
Status:	closed → reopened

Then again, relying on the order of items in a dict is not a good idea either. I'll come up with something better.

comment:9 by Remy Blank, 14 years ago

Resolution:	→ fixed
Status:	reopened → closed

Order of items is not an issue anymore with [9405].

Modify Ticket

Change Properties

Summary:
Description:	authz suggests it is possible to write: {{{ [groups] admin = one, two users = three, four everybody = @admin, @users }}} But this does not work the the standard version, here's a patch {{{ * authz_policy.py.orig 2009-08-13 00:51:26.000000000 +0000 --- authz_policy.py 2009-08-13 05:06:28.000000000 +0000 *********** * 174,184 **** --- 174,189 ---- self.get_authz_file()) self.authz = ConfigObj(self.get_authz_file()) self.groups_by_user = {} + groups = {} for group, users in self.authz.get('groups', {}).iteritems(): if isinstance(users, basestring): users = [users] for user in users: + if user[0] == '@': + users.extend (groups[user]) + continue self.groups_by_user.setdefault(user, set()).add('@' + group) + groups.setdefault('@'+group, []).append (user) self.authz_mtime = os.path.getmtime(self.get_authz_file()) def normalise_resource(self, resource): }}} You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Remy Blank.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Remy Blank to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: