| | 1 | == Extension Point : ''IPermissionStore'' == |
| | 2 | |
| | 3 | ||'''Interface'''||''IPermissionStore''||'''Since'''||0.9|| |
| | 4 | ||'''Module'''||''trac.perm''||'''Source'''||[source:trunk/trac/perm.py perm.py]|| |
| | 5 | |
| | 6 | The active ''IPermissionStore'' implementation stores the permissions and group memberships explicitly granted to users and groups. |
| | 7 | |
| | 8 | == Purpose == |
| | 9 | |
| | 10 | The TracPermissions system supports granting and revoking of action permissions and of hierarchical [TracPermissions#PermissionGroups groups] that bundle and inherit permissions per user. The IPermissionStore interface can be used to replace the storage mechanism for these granted permissions. |
| | 11 | |
| | 12 | Note that to ''implicitly'' grant additional permissions to certain users automatically, it is not necessary to implement (or wrap) IPermissionStore. Implement [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider] instead. |
| | 13 | |
| | 14 | == Usage == |
| | 15 | |
| | 16 | Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment]. |
| | 17 | |
| | 18 | Only the ''permission_store'' configured in [wiki:TracIni#trac-section trac.ini] will be used. The configured implementation will be called by the permissions system to grant, revoke and query permissions. This information is automatically cached and reused for some time. |
| | 19 | |
| | 20 | == Examples == |
| | 21 | |
| | 22 | Due to the complexity of implementing a full permission store backend, no simple example can be provided here. |
| | 23 | |
| | 24 | == Available Implementations == |
| | 25 | |
| | 26 | In Trac: |
| | 27 | || [source:trunk/trac/perm.py DefaultPermissionStore] || Stores permissions and admin defined permission groups in the project environment's SQL database. || |
| | 28 | |
| | 29 | In third-party plugins: |
| | 30 | |
| | 31 | || th:LdapPlugin || `LdapPermissionStore` uses LDAP directory as the permission store backend. || |
| | 32 | || th:ActiveDirectoryAuthPlugin || `UserExtensiblePermissionStore` extends `DefaultPermissionStore` adding an extension point, implemented to provide `TRAC_ADMIN` for members of a certain Active Directory group. || |
| | 33 | || th:TracForgePlugin || `TracForgePermissionStore` extends `DefaultPermissionStore` for multi project permissions. || |
| | 34 | || th:SuperUserPlugin || Wraps another (`Default`)`PermissionStore` to automatically give some users `TRAC_ADMIN` privileges. || |
| | 35 | |
| | 36 | == Additional Information and References == |
| | 37 | |
| | 38 | * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.perm.IPermissionStore-class.html Epydoc API Reference] |
| | 39 | * See also [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider], [../trac.perm.IPermissionPolicy IPermissionPolicy], [../trac.perm.IPermissionRequestor IPermissionRequestor] |
| | 40 | * Related tickets: |
| | 41 | * #5648 Move user defined groups to IPermissionGroupProvider implementation |
| | 42 | * #4245 Inefficient algorithm used in `DefaultPermissionStore` |
| | 43 | * [query:status!=closed&keywords~=permissions permissions in keywords] |
| | 44 | * Related mailing list topics: |
| | 45 | * Early [Trac-ML:3072 design discussion] |
| | 46 | * Some discussion about possible [trac-dev:2758 future enhancements] |
