Edgewall Software
Modify

Opened 15 years ago

Closed 15 years ago

#8565 closed enhancement (fixed)

authz should support group of groups

Reported by: kris@… Owned by: Remy Blank
Priority: normal Milestone: 0.12
Component: wiki system Version: none
Severity: normal Keywords: permissions patch authzpolicy
Cc: ryano@… Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Christian Boos)

authz suggests it is possible to write:

[groups]
admin = one, two
users = three, four
everybody = @admin, @users

But this does not work the the standard version, here's a patch

*** authz_policy.py.orig	2009-08-13 00:51:26.000000000 +0000
--- authz_policy.py	2009-08-13 05:06:28.000000000 +0000
***************
*** 174,184 ****
--- 174,189 ----
                             self.get_authz_file())
          self.authz = ConfigObj(self.get_authz_file())
          self.groups_by_user = {}
+         groups = {}
          for group, users in self.authz.get('groups', {}).iteritems():
              if isinstance(users, basestring):
                  users = [users]
              for user in users:
+                 if user[0] == '@':
+                     users.extend (groups[user])
+                     continue
                  self.groups_by_user.setdefault(user, set()).add('@' + group)
+                 groups.setdefault('@'+group, []).append (user)
          self.authz_mtime = os.path.getmtime(self.get_authz_file())
  
      def normalise_resource(self, resource):

Attachments (0)

Change History (9)

comment:1 by Christian Boos, 15 years ago

Keywords: authzpolicy added

comment:2 by Ryan Ollos <ryano@…>, 15 years ago

Cc: ryano@… added

comment:3 by Remy Blank, 15 years ago

Owner: set to Remy Blank

comment:4 by Christian Boos, 15 years ago

Description: modified (diff)
Owner: changed from Remy Blank to Christian Boos

Patch looks good (well, the content of the patch looks good, for the form of it, see TracDev/SubmittingPatches ;-) ).

Remy, I'll take it if you don't mind, as I'm working on the authz stuff now.

in reply to:  4 comment:5 by Remy Blank, 15 years ago

Replying to cboos:

Remy, I'll take it if you don't mind, as I'm working on the authz stuff now.

Sure, go ahead.

comment:6 by Remy Blank, 15 years ago

Resolution: fixed
Status: newclosed

Mutating the users list while iterating over it is not a good programming practice. I have taken a different (but equivalent) approach in [9401].

comment:7 by Remy Blank, 15 years ago

Owner: changed from Christian Boos to Remy Blank

comment:8 by Remy Blank, 15 years ago

Resolution: fixed
Status: closedreopened

Then again, relying on the order of items in a dict is not a good idea either. I'll come up with something better.

comment:9 by Remy Blank, 15 years ago

Resolution: fixed
Status: reopenedclosed

Order of items is not an issue anymore with [9405].

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Remy Blank.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Remy Blank to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.