= ReadonlyWikiPolicy

A permission policy added in Trac 1.1.2 which enables and enforces the read-only attribute on wiki pages.

Earlier versions of Trac had a defect in which the read-only attribute would not be checked when adding attachments to wiki pages, allowing users with `WIKI_MODIFY` to add attachments to read-only wiki pages rather than enforcing the requirement of `WIKI_ADMIN`. In #11244, the `ReadonlyWikiPolicy` was added, which unequivocally requires `WIKI_ADMIN` for modifying, deleting or renaming of read-only pages (and adding an attachment requires permission to modify the page). Enforcing the read-only attribute through a permission policy additionally allows a custom permission policy to be written for enforcing the read-only attribute.

For new Trac installations in 1.1.2 and later, `ReadonlyWikiPolicy` is enabled by default. When upgrading from earlier versions, `ReadonlyWikiPolicy` will be added to the list of permissions policies when upgrading the environment if `permissions_policies` has the default value `DefaultPermissionPolicy, LegacyAttachmentPolicy`. If `permissions_policies` has some other value, then the TracIni configuration file needs to be edited to add `ReadonlyWikiPolicy` to the list of `permission_policies`. A message will be echoed to the console when upgrading the environment, indicating if any action needs to be taken. `ReadonlyWikiPolicy` should be placed before `DefaultPermissionPolicy, LegacyAttachmentPolicy`.
{{{#!ini
[trac]
permission_policies = ReadonlyWikiPolicy,
 DefaultPermissionPolicy,
 LegacyAttachmentPolicy
}}}

When additional permission policies are active, care will need to be taken to ensure the proper ordering. See TracFineGrainedPermissions#ReadonlyWikiPolicy for more details.