Edgewall Software
Modify

Opened 8 years ago

Last modified 7 months ago

#9526 new defect

Fine Grained Permission possible realms and paths format are not documented.

Reported by: dpc@… Owned by:
Priority: normal Milestone: next-dev-1.3.x
Component: wiki system Version: 0.12
Severity: minor Keywords: permissions documentation authzpolicy
Cc:
Release Notes:
API Changes:

Description (last modified by Ryan J Ollos <ryano@…>)

I'm trying to configure authz_policy.py (TracFineGrainedPermissions) for things other than Wiki Pages.

I can see that this is possible and working, but I'm waisting my time discovering "paths and realms" for every single thing I want to manage via authz_policy.

All the samples and documentation I've found describe configuration for wiki: realms *only* and while this is probably most common usage I'd like to create a ticket to expand the documentation in this topic.

Attachments (0)

Change History (9)

comment:1 Changed 8 years ago by Remy Blank

Some documentation effort about this is certainly welcome, thanks!

comment:2 Changed 8 years ago by osimons

The problem is that plugins also provides resource support, and for lookup purposes for users there really should be some code that iterates and presents them. Like we do for config and for macros.

comment:3 Changed 8 years ago by Christian Boos

Milestone: 0.12.1next-minor-0.12.x

Not for 0.12.1, it seems.

comment:4 Changed 6 years ago by Ryan J Ollos <ryano@…>

Description: modified (diff)
Keywords: authzpolicy added

comment:5 Changed 4 years ago by Ryan J Ollos

Milestone: next-minor-0.12.xnext-stable-1.0.x

Moving this forward since I don't think it needs to be fixed on 0.12-stable, but please comment if you feel differently.

We may want to consider this within the context of a more extensive rework of the permission system in which IPermissionRequestor may define actions associated with realms: trunk/trac/perm.py@12930:152-154#L117. Something like,

-        actions = ['WIKI_CREATE', 'WIKI_DELETE', 'WIKI_MODIFY', 'WIKI_RENAME',
-                   'WIKI_VIEW']
-       return actions + [('WIKI_ADMIN', actions)]
+        actions = ['CREATE', 'DELETE', 'MODIFY', 'RENAME', 'VIEW']
+        return {'wiki': actions + [('ADMIN', actions)]}

That's not a fully developed idea though.

Last edited 4 years ago by Ryan J Ollos (previous) (diff)

comment:6 Changed 3 years ago by Ryan J Ollos

Milestone: next-stable-1.0.xnext-dev-1.1.x

comment:7 Changed 3 years ago by Ryan J Ollos

Milestone: next-dev-1.1.xnext-dev-1.3.x

Narrowing focus for milestone:1.2. Please move ticket to milestone:1.2 if you intend to fix it.

comment:8 Changed 7 months ago by anonymous

there really should be some code that iterates and presents them. Like we do for config and for macros.

  • trac/wiki/macros.py

    diff -r a3e91091080a trac/wiki/macros.py
    a b  
    2424
    2525from trac.core import *
    2626from trac.resource import (
    27     Resource, ResourceNotFound, get_resource_name, get_resource_summary,
    28     get_resource_url
     27    Resource, ResourceNotFound, ResourceSystem, get_resource_name,
     28    get_resource_summary, get_resource_url
    2929)
    3030from trac.util import as_int
    3131from trac.util.datefmt import format_date, from_utimestamp, user_time
     
    903903                    for mime_type in sorted(mime_types))))
    904904
    905905
     906class KnownRealmsMacro(WikiMacroBase):
     907    _domain = 'messages'
     908    _description = cleandoc_(
     909    """List all known realms which can be used with TracFineGrainedPermissions.
     910
     911    Can be given an optional argument which is interpreted as realm filter.
     912    """)
     913
     914    def expand_macro(self, formatter, name, content):
     915        realm_filter = ''
     916        args, kw = parse_args(content)
     917        if args:
     918            realm_filter = args.pop(0).strip().rstrip('*')
     919
     920        resource_sys = ResourceSystem(self.env)
     921        realms = []
     922        for realm in resource_sys.get_known_realms():
     923          if not realm_filter or realm.startswith(realm_filter):
     924            try:
     925                summary = get_resource_summary(self.env, Resource(realm))
     926            except Exception as e:
     927                summary = 'ERROR ' + str(e)
     928            realms.append((realm, summary))
     929
     930        return tag.div(class_='trac-realms')(
     931            tag.table(class_='wiki')(
     932                tag.thead(tag.tr(
     933                    tag.th(_("Realm")),
     934                    tag.th(_("Summary")))),
     935                tag.tbody(
     936                    tag.tr(tag.th(tag.code(realm),
     937                                  style="text-align: left"),
     938                           tag.td(tag.code(
     939                            summary
     940                           )))
     941                    for realm, summary in sorted(realms))))
     942
     943
    906944class TracGuideTocMacro(WikiMacroBase):
    907945    _domain = 'messages'
    908946    _description = cleandoc_(

[[KnownRealms()]] shows:

Realm Summary
attachment Unparented attachment None
changeset Changeset None
milestone Milestone None
repository Default repository
source ERROR 'NoneType' object has no attribute 'get_node'
ticket ERROR coercing to Unicode: need string or buffer, NoneType found
wiki

comment:9 Changed 7 months ago by Ryan J Ollos

The realm summary isn't useful, but a comma-separated list might be enough.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The ticket will remain with no owner.
The ticket will be disowned.
as The resolution will be set.
The owner will be changed from (none) to anonymous.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.