TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionGroupProvider – The Trac Project

wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionGroupProvider

Context Navigation

Extension Point : IPermissionGroupProvider

Interface	IPermissionGroupProvider	Since	0.9
Module	trac.perm	Source	perm.py

The IPermissionGroupProvider implementations define permission group membership information.

Purpose

The TracPermissions system supports hierarchical groups to bundle and inherit permissions. The IPermissionGroupProvider interface can be used to get group membership information for users (e.g. from arbitrary external data sources).

(Note that currently the admin defined groups are provided by the DefaultPermissionStore , not an IPermissionGroupProvider. See #5648)

Usage

Implementing the interface follows the standard guidelines found in TracDev/ComponentArchitecture and of course TracDev/PluginDevelopment.

The group providers are called by the permissions system to provide the group membership information for a certain user name. This information is automatically cached and reused for some time.

Examples

The following example uses an active_directory module to provide group membership information from Windows' default Active Directory:

import active_directory
from trac.core import *
from trac.perm import IPermissionGroupProvider

class ActiveDirectoryPermissionGroupProvider(Component):
    """Permission group provider providing Active Directory group membership 
    information."""

    implements(IPermissionGroupProvider)

    def get_permission_groups(self, username):
        aduser = active_directory.find_user(username)
        return list(aduser.memberOf)

Available Implementations

In Trac:

DefaultPermissionGroupProvider

Provides the basic builtin permission groups 'anonymous' and 'authenticated'.

In third-party plugins:

th:LdapPlugin	Provides groups from LDAP.
th:HtgroupsPlugin	Provides groups from a `.htgroup` file (usually used with Apache's `AuthGroupFile` or `AuthDigestGroupFile` directives).
th:AuthzGroupsPlugin	Provides groups from the SVN authz file.
th:TracSysgroupsPlugin	Provides groups from the unix / linux system groups.
th:UnixGroupsPlugin	Provides groups from the unix system groups.
th:TracUnixGroupsPlugin	Provide groups from the unix system groups.
th:wiki:SQLAuthStorePlugin	Provide groups from the SQL database.
TracGoogleAppsAuthPlugin	Provide groups from a hosted Google Apps domain.
th:TracForgePlugin	Adds cross-project permissions with virtual groups.

Additional Information and References

Epydoc API Reference
See also IPermissionStore, IPermissionPolicy, IPermissionRequestor
Related tickets:
- #5648 Move user defined groups to IPermissionGroupProvider implementation
- #2194 Provide user credentials to IPermissionGroupProvider
- group in keywords
Related mailing list topics:
- Early design discussion
- Some discussion about possible future enhancements

Last modified 13 years ago Last modified on Aug 7, 2011, 2:55:10 PM

Note: See TracWiki for help on using the wiki.

Download in other formats:

Plain Text