A permission policy added in Trac 1.1.2 which enables and enforces the read-only attribute on wiki pages.
Earlier versions of Trac had a defect in which the read-only attribute would not be checked when adding attachments to wiki pages, allowing users with WIKI_MODIFY to add attachments to read-only wiki pages rather than enforcing the requirement of WIKI_ADMIN. In #11244, the ReadonlyWikiPolicy was added, which unequivocally requires WIKI_ADMIN for modifying, deleting or renaming of read-only pages (and adding an attachment requires permission to modify the page). Enforcing the read-only attribute through a permission policy additionally allows a custom permission policy to be written for enforcing the read-only attribute.
For new Trac installations in 1.1.2 and later, ReadonlyWikiPolicy is enabled by default. When upgrading from earlier versions, ReadonlyWikiPolicy will be added to the list of permission policies when upgrading the environment if permission_policies has the default value DefaultPermissionPolicy, LegacyAttachmentPolicy. If permission_policies has some other value, then the TracIni configuration file needs to be edited to add ReadonlyWikiPolicy to the list of permission_policies. A message will be echoed to the console when upgrading the environment, indicating if any action needs to be taken.
ReadonlyWikiPolicy should be placed before
[trac]
permission_policies = ReadonlyWikiPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
When additional permission policies are active, care will need to be taken to ensure the proper ordering. See TracFineGrainedPermissions#ReadonlyWikiPolicy for more details.
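For environments upgraded with a non-default permission_policies value, the check below reports whether ReadonlyWikiPolicy is listed and whether it comes before DefaultPermissionPolicy, as in the configuration shown above. It is an added example, not part of Trac; the function name, status strings and sample trac.ini contents are constructed for illustration.

```python
import configparser

REQUIRED = "ReadonlyWikiPolicy"
MUST_PRECEDE = "DefaultPermissionPolicy"  # ordering taken from the config shown on this page


def audit_permission_policies(ini_text):
    """Return (status, policies) for the [trac] permission_policies option.

    status is one of:
      "unset"      - option absent, so Trac's built-in default applies
      "missing"    - ReadonlyWikiPolicy is not listed; read-only pages are unenforced
      "misordered" - listed, but after DefaultPermissionPolicy
      "ok"         - listed, and before DefaultPermissionPolicy when that is present
    """
    # interpolation=None: trac.ini values may contain literal '%' characters
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    raw = parser.get("trac", "permission_policies", fallback=None)
    if raw is None:
        return "unset", []
    # Values are comma-separated and may wrap onto continuation lines
    policies = [p.strip() for p in raw.split(",") if p.strip()]
    if REQUIRED not in policies:
        return "missing", policies
    if MUST_PRECEDE in policies and policies.index(REQUIRED) > policies.index(MUST_PRECEDE):
        return "misordered", policies
    return "ok", policies


# Constructed sample trac.ini contents (not taken from a real environment)
SAMPLES = {
    "new install": "[trac]\npermission_policies = ReadonlyWikiPolicy, "
                   "DefaultPermissionPolicy, LegacyAttachmentPolicy\n",
    "upgraded, custom list": "[trac]\npermission_policies = AuthzPolicy,\n"
                             "    DefaultPermissionPolicy, LegacyAttachmentPolicy\n",
    "wrong order": "[trac]\npermission_policies = DefaultPermissionPolicy, "
                   "ReadonlyWikiPolicy, LegacyAttachmentPolicy\n",
    "option absent": "[trac]\nbase_url = https://trac.example.invalid/\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, policies = audit_permission_policies(text)
        print(f"{name}: {status} {policies}")
```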