Edgewall Software

Version 2 (modified by Christian Boos, 15 years ago) ( diff )

all relevant tickets have now the svnauthz keyword

Subversion Authorization

This was the first system of fine-grained permission for Trac, restricted to the version control modules (see TracFineGrainedPermissions#mod_authz_svn-likepermissionpolicy). It is used together with the Subversion version control backend and is based on interpreting the authz svn access file in a way that should match the Subversion behavior.

However, there are a number of known issues:

Ticket Summary Keywords Version Milestone
#5246 [PATCH] Use permission system to store groups for authz access control patch svnauthz authzsourcepolicy 0.10-stable next-major-releases
#6211 IPermissionPolicy unable to grant WIKI_VIEW access permissions authzpolicy devel next-stable-1.6.x
#6644 Authz_policy plugin doesn't work with [*] permissions authzpolicy 0.11b1 next-stable-1.6.x
#7650 authz_policy.py - Support Trac groups authzpolicy groups 0.12dev unscheduled
#9355 authzpolicy FineGrainedPermissions: configuration file order matters, but more/less specific patterns don't permissions authzpolicy authz configuration 0.11.6 unscheduled
#9526 Fine Grained Permission possible realms and paths format are not documented. permissions documentation authzpolicy 0.12 next-major-releases
#10203 [PATCH] AuthzPolicy to allow multiple user/group permissions permission policies policy AuthzPolicy authzpolicy patch undecided
#10666 Setting fine grained permissions using AuthzPolicy does not work authzpolicy verify next-major-releases
#10873 authzpolicy.conf can not include a common permission setup authzpolicy inherit undecided
#11078 Perform fine-grained permission checks on resource in get_navigation_items permissions authzpolicy next-major-releases
#11263 AuthzPolicy should allow restricting access to only the most recent version of a resource authzpolicy 1.0-stable next-major-releases
#12442 Support per-repository authz_file svn svn17 authzsourcepolicy next-major-releases
#12461 Move svn_authz or rename to authz_policy permissions authzpolicy
#12596 AuthzPolicy should recursively expand groups authzpolicy permissions next-major-releases
#12912 AuthzPolicy fine permissions for timeline and search authz, permissions 1.2.2 next-dev-1.7.x
#12922 AuthzSourcePolicy doesn't deny viewing changeset on restricted path authzsourcepolicy next-stable-1.6.x

The plan is to simplify the version control modules so that they don't rely on a special system of authorization but rather use the general fine-grained permission system. The existing SubversionAuthorizer should then be turned into a permission policy plugin (see ticket:5640#comment:19).

Ideally this should be done for 0.12, otherwise we'll be stuck with this for yet another cycle.

Note: See TracWiki for help on using the wiki.