Edgewall Software

Changes between Version 1 and Version 2 of TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionRequestor


Ignore:
Timestamp:
Aug 21, 2011, 10:07:00 PM (13 years ago)
Author:
Peter Suter
Comment:

Replace minimal example with more meaningful ComponentModuleExamples; fix links

Legend:

Unmodified
Added
Removed
Modified

  • TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionRequestor

    v1 v2  
    2323 * The action to perform on that resource.
    2424
    25 The most common action is VIEW, to allow basic usage (viewing) of a resource. It is often required for components implementing [wiki:TracDev/PluginDevelopment/ExtensionPoints/IRequestHandler IRequestHandler], where {{{process_request()}}} would check for permissions categorically ({{{req.perm.require('RESOURCE_VIEW')}}}) or selectively ({{{if 'RESOURCE_ACTION' in req.perm:}}}). (Such an IRequestHandler - or any other kind of checked resource access - could also be implemented by any other Component.)
     25The most common action is VIEW, to allow basic usage (viewing) of a resource. It is often required for components implementing [../trac.web.api.IRequestHandler IRequestHandler], where {{{process_request()}}} would check for permissions categorically ({{{req.perm.require('RESOURCE_VIEW')}}}) or selectively ({{{if 'RESOURCE_ACTION' in req.perm:}}}). (Such an IRequestHandler - or any other kind of checked resource access - could also be implemented by any other Component.)
    2626
    27 Anyone with access to a ''perm'' (trac.perm.PermissionCache) can perform permission check. It is usually obtained from ''req'' (a trac.web.api.Request). More fine-grained per-resource permission checks can be performed by obtaining a specialized cache using {{{req.perm(resource)}}} or {{{req.perm(realm, resource_id)}}}.
     27Anyone with access to a ''perm'' (`trac.perm.PermissionCache`) can perform permission check. It is usually obtained from ''req'' (a trac.web.api.Request). More fine-grained per-resource permission checks can be performed by obtaining a specialized cache using {{{req.perm(resource)}}} or {{{req.perm(realm, resource_id)}}}.
    2828
    2929A slightly more complex pattern is to return multiple simple RESOURCE_ACTION permission actions and one RESOURCE_ADMIN meta permission action covering the others. Even more complex hierarchies of permissions are possible. (See [#Ticket])
     
    3333=== Minimal ===
    3434
    35 An almost minimal example defining two new permissions to be checked elsewhere:
     35A minimal IPermissionRequestor in isolation is not very useful (but possible) and usually accompanied by implementations of other interfaces that require these permissions. Hence the following example is best understood in context of the ComponentModuleExamples.
     36
     37In Trac, [TicketComponent components] have no associated permissions. The following example defines two new permissions to be checked elsewhere:
    3638{{{#!python
    3739from trac.core import Component, implements
    3840from trac.perm import IPermissionRequestor
    3941
    40 class CoffeePermissions(Component):
     42class ComponentModule(Component):
    4143    implements(IPermissionRequestor)
    4244
    4345    def get_permission_actions(self):
    44         return ('COFFEE_BREW', 'COFFEE_DRINK')
     46        return ('COMPONENT_LIST', 'COMPONENT_VIEW')
    4547}}}
    4648
    4749=== Upgrade example ===
    4850
    49 If a new version of a component renames / merges / splits existing permissions of an older version, it might want to implement an environment upgrade ([wiki:TracDev/PluginDevelopment/ExtensionPoints/IEnvironmentSetupParticipant IEnvironmentSetupParticipant]).
     51If a new version of a component renames / merges / splits existing permissions of an older version, it might want to implement an environment upgrade ([../trac.env.IEnvironmentSetupParticipant IEnvironmentSetupParticipant]).
    5052
    5153A real example would be [h:TracPastePlugin], which changed from a single permission PASTEBIN_USE to multiple permissions PASTEBIN_VIEW and PASTEBIN_CREATE. In [h:changeset:4983 this changeset], ({{{environment_needs_upgrade}}} checks {{{_has_old_permission}}} for any of the old permissions and {{{upgrade_environment}}} calls {{{convert_use_permissions}}} (via the {{{version_map}}} if required) to convert them to the new permissions.
     
    159161 * [http://www.edgewall.org/docs/trac-trunk/html/api/trac_perm.html#trac.perm.IPermissionRequestor API Reference]
    160162 * Ticket about extending exsting meta-permissions: #8036
    161  * Mailing list [http://article.gmane.org/gmane.comp.version-control.subversion.trac.general/3119 message] about the initial design of IPermissionRequestor, [wiki:TracDev/PluginDevelopment/ExtensionPoints/IPermissionStore IPermissionStore] and [wiki:TracDev/PluginDevelopment/ExtensionPoints/IPermissionGroupProvider IPermissionGroupProvider]
     163 * Mailing list [http://article.gmane.org/gmane.comp.version-control.subversion.trac.general/3119 message] about the initial design of IPermissionRequestor, [../trac.perm.IPermissionStore IPermissionStore] and [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider]