| Version 1 (modified by , 11 years ago) ( diff ) |
|---|
ReadonlyWikiPolicy
Permissions policy added in Trac 1.1.2 which enables and enforces the read-only attribute on wiki pages.
Earlier versions of Trac had a defect in which the read-only attribute would not be checked when adding attachments to wiki pages, allowing users with WIKI_MODIFY to add attachments to read-only wiki pages rather than enforcing the requirement of WIKI_ADMIN. In #11244, the ReadonlyWikiPolicy was added, which unequivocally requires WIKI_ADMIN for modifying, deleting or renaming for read-only pages (and adding an attachment requires permission to modify the page). Enforcing the read-only attribute through a permission policy additionally allows a custom permission policy to be written for enforcing the read-only attribute.
For new Trac installations in 1.1.2 and later, ReadonlyWikiPolicy is enabled by default. When upgrading from earlier versions, ReadonlyWikiPolicy need to be added to permission_policies. If the default list of permission policies is in effect, then ReadonlyWikiPolicy only needs to be added to the front of the list.
[trac] permission_policies = ReadonlyWikiPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
When other permission policies are active, care will need to be taken to ensure the proper ordering. See TracFineGrainedPermissions#ReadonlyWikiPolicy for more details.
