Modify ↓
Opened 16 years ago
Closed 16 years ago
#8565 closed enhancement (fixed)
authz should support group of groups
| Reported by: | Owned by: | Remy Blank | |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12 |
| Component: | wiki system | Version: | none |
| Severity: | normal | Keywords: | permissions patch authzpolicy |
| Cc: | ryano@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
authz suggests it is possible to write:
[groups] admin = one, two users = three, four everybody = @admin, @users
But this does not work the the standard version, here's a patch
*** authz_policy.py.orig 2009-08-13 00:51:26.000000000 +0000
--- authz_policy.py 2009-08-13 05:06:28.000000000 +0000
***************
*** 174,184 ****
--- 174,189 ----
self.get_authz_file())
self.authz = ConfigObj(self.get_authz_file())
self.groups_by_user = {}
+ groups = {}
for group, users in self.authz.get('groups', {}).iteritems():
if isinstance(users, basestring):
users = [users]
for user in users:
+ if user[0] == '@':
+ users.extend (groups[user])
+ continue
self.groups_by_user.setdefault(user, set()).add('@' + group)
+ groups.setdefault('@'+group, []).append (user)
self.authz_mtime = os.path.getmtime(self.get_authz_file())
def normalise_resource(self, resource):
Attachments (0)
Change History (9)
comment:1 by , 16 years ago
| Keywords: | authzpolicy added |
|---|
comment:2 by , 16 years ago
| Cc: | added |
|---|
comment:3 by , 16 years ago
| Owner: | set to |
|---|
follow-up: 5 comment:4 by , 16 years ago
| Description: | modified (diff) |
|---|---|
| Owner: | changed from to |
comment:5 by , 16 years ago
Replying to cboos:
Remy, I'll take it if you don't mind, as I'm working on the authz stuff now.
Sure, go ahead.
comment:6 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Mutating the users list while iterating over it is not a good programming practice. I have taken a different (but equivalent) approach in [9401].
comment:7 by , 16 years ago
| Owner: | changed from to |
|---|
comment:8 by , 16 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Then again, relying on the order of items in a dict is not a good idea either. I'll come up with something better.
comment:9 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Order of items is not an issue anymore with [9405].
Note:
See TracTickets
for help on using tickets.
Patch looks good (well, the content of the patch looks good, for the form of it, see TracDev/SubmittingPatches ;-) ).
Remy, I'll take it if you don't mind, as I'm working on the authz stuff now.