== Extension Point : ''IPermissionPolicy'' ==

||'''Interface'''||''IPermissionPolicy''||'''Since'''||0.11||
||'''Module'''||''trac.perm''||'''Source'''||[source:trunk/trac/perm.py#L114 perm.py]||

The ''IPermissionPolicy'' implementations define policies for how to check for (fine grained) permissions.

== Purpose ==

The TracPermissions system defines coarse permissions to control which users have access to which modules. TracFineGrainedPermissions introduced more fine grained control over permissions for individual resources. The IPermissionPolicy interface is used to implement this new system, re-implement the legacy behavior and allow plugins to extend the permission policies.

== Usage ==

Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment].

Only the ''permission_policies'' configured in [wiki:TracIni#trac-section trac.ini] will be used (in that order).

== Examples ==

See [#DebugPolicy], [#PublicWikiPolicy], [#SecurityTicketsPolicy]

== Available Implementations ==

=== [source:trunk/trac/perm.py#L249 trac.perm.DefaultPermissionPolicy] === #DefaultPermissionPolicy

Reimplements the pre-0.11 behavior which checks for the traditional coarse grained style permissions described in TracPermissions.

=== [source:trunk/trac/attachment.py#L894 trac.attachment.LegacyAttachmentPolicy] === #LegacyAttachmentPolicy

Reimplements the legacy coarse grained permissions checks for attachments, by mapping ATTACHMENT_* permissions to realm specific ones. Allows other plugins to participate in this by implementing [wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.attachment.ILegacyAttachmentPolicyDelegate ILegacyAttachmentPolicyDelegate].

=== [source:trunk/tracopt/perm/authz_policy.py#L33 tracopt.perm.authz_policy.AuthzPolicy] === #AuthzPolicy

See [wiki:TracFineGrainedPermissions#AuthzPolicy TracFineGrainedPermissions]

=== [source:trunk/trac/versioncontrol/svn_authz.py#L111 trac.versioncontrol.svn_authz.AuthzSourcePolicy] === #AuthzSourcePolicy

See [wiki:TracFineGrainedPermissions#AuthzSourcePolicy TracFineGrainedPermissions]

=== [source:trunk/sample-plugins/permissions/debug_perm.py#L8 sample-plugins.permissions.debug_perm.DebugPolicy] === #DebugPolicy

A sample plugin that is only useful for Trac Development. It verifies the well-formedness of the permission checks.

=== [source:trunk/sample-plugins/permissions/public_wiki_policy.py#L10 sample-plugins.permissions.public_wiki_policy.PublicWikiPolicy] === #PublicWikiPolicy
  
A sample plugin that allows public access to some wiki pages, illustrating how to check permission on realms.

=== [source:trunk/sample-plugins/permissions/vulnerability_tickets.py#L7 sample-plugins.permissions.vulnerability_tickets.SecurityTicketsPolicy] === #SecurityTicketsPolicy

A sample plugin that prevents public access to security sensitive tickets.

== Additional Information and References ==

 * [http://www.edgewall.org/docs/trac-trunk/html/api/trac_perm.html#trac.perm.IPermissionPolicy API Reference]
 * See [wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionStore IPermissionStore], [wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionRequestor IPermissionRequestor]