Version 1 (modified by 11 years ago) ( diff ) | ,
---|
ReadonlyWikiPolicy
Permissions policy added in Trac 1.1.2 which enables and enforces the read-only attribute on wiki pages.
Earlier versions of Trac had a defect in which the read-only attribute would not be checked when adding attachments to wiki pages, allowing users with WIKI_MODIFY
to add attachments to read-only wiki pages rather than enforcing the requirement of WIKI_ADMIN
. In #11244, the ReadonlyWikiPolicy
was added, which unequivocally requires WIKI_ADMIN
for modifying, deleting or renaming for read-only pages (and adding an attachment requires permission to modify the page). Enforcing the read-only attribute through a permission policy additionally allows a custom permission policy to be written for enforcing the read-only attribute.
For new Trac installations in 1.1.2 and later, ReadonlyWikiPolicy
is enabled by default. When upgrading from earlier versions, ReadonlyWikiPolicy
need to be added to permission_policies
. If the default list of permission policies is in effect, then ReadonlyWikiPolicy
only needs to be added to the front of the list.
[trac] permission_policies = ReadonlyWikiPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
When other permission policies are active, care will need to be taken to ensure the proper ordering. See TracFineGrainedPermissions#ReadonlyWikiPolicy for more details.