== Extension Point : ''IPermissionStore'' ==

||'''Interface'''||''IPermissionStore''||'''Since'''||0.9||
||'''Module'''||''trac.perm''||'''Source'''||[source:trunk/trac/perm.py perm.py]||

The active ''IPermissionStore'' implementation stores the permissions and group memberships explicitly granted to users and groups.

== Purpose ==

The TracPermissions system supports granting and revoking of action permissions and of hierarchical [TracPermissions#PermissionGroups groups] that bundle and inherit permissions per user. The IPermissionStore interface can be used to replace the storage mechanism for these granted permissions.

Note that to ''implicitly'' grant additional permissions to certain users automatically, it is not necessary to implement (or wrap) IPermissionStore. Implement [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider] instead.

== Usage ==

Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment].

Only the ''permission_store'' configured in [wiki:TracIni#trac-section trac.ini] will be used. The configured implementation will be called by the permissions system to grant, revoke and query permissions. This information is automatically cached and reused for some time.

== Examples ==

Due to the complexity of implementing a full permission store backend, no simple example can be provided here.
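The contract a store has to honour can still be shown without a backend. The following is an added example, not Trac's or any plugin's code: the hypothetical `InMemoryPermissionStore` models the five interface methods over in-memory `(subject, action)` rows and resolves nested groups without looping on a membership cycle. It assumes that an upper-case name is an action and any other name is a group, and it takes the list of known users as a constructor argument; a real store would be a Trac component and keep its rows in a persistent backend.

```python
class InMemoryPermissionStore:
    """Models the five IPermissionStore methods over (subject, action) rows.

    Assumption: an upper-case name is an action; any other name is a group
    the subject belongs to.
    """

    def __init__(self, known_users, rows=()):
        self.known_users = set(known_users)
        self._rows = set(rows)

    def grant_permission(self, username, action):
        self._rows.add((username, action))

    def revoke_permission(self, username, action):
        self._rows.discard((username, action))

    def get_all_permissions(self):
        return sorted(self._rows)

    def get_user_permissions(self, username):
        subjects, actions, pending = {username}, set(), [username]
        while pending:  # each subject is expanded once, so group cycles terminate
            current = pending.pop()
            for subject, action in self._rows:
                if subject != current:
                    continue
                if action.isupper():
                    actions.add(action)
                elif action not in subjects:
                    subjects.add(action)
                    pending.append(action)
        return sorted(actions)

    def get_users_with_permissions(self, permissions):
        wanted = set(permissions)
        return sorted(u for u in self.known_users
                      if wanted & set(self.get_user_permissions(u)))


# Constructed sample rows, not taken from a real environment.
store = InMemoryPermissionStore(
    known_users=["alice", "bob"],
    rows=[
        ("developers", "TICKET_MODIFY"),
        ("developers", "reviewers"),   # group nested in a group
        ("reviewers", "developers"),   # cycle between groups
        ("reviewers", "WIKI_MODIFY"),
        ("alice", "developers"),       # membership, not an action
        ("bob", "WIKI_VIEW"),
    ],
)
```

Revoking the single row `("alice", "developers")` removes every permission alice inherited through the group chain, which is why an audit of effective rights has to go through `get_user_permissions` rather than read the raw rows.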

== Available Implementations ==

In Trac:
|| [source:trunk/trac/perm.py DefaultPermissionStore] || Stores permissions and admin-defined permission groups in the project environment's SQL database. ||

In third-party plugins:

|| th:LdapPlugin || `LdapPermissionStore` uses an LDAP directory as the permission store backend. ||
|| th:ActiveDirectoryAuthPlugin || `UserExtensiblePermissionStore` extends `DefaultPermissionStore`, adding an extension point, implemented to provide `TRAC_ADMIN` for members of a certain Active Directory group. ||
|| th:TracForgePlugin || `TracForgePermissionStore` extends `DefaultPermissionStore` for multi-project permissions. ||
|| th:SuperUserPlugin || Wraps another (`Default`)`PermissionStore` to automatically give some users `TRAC_ADMIN` privileges. ||

== Additional Information and References ==

 * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.perm.IPermissionStore-class.html Epydoc API Reference]
 * See also [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider], [../trac.perm.IPermissionPolicy IPermissionPolicy], [../trac.perm.IPermissionRequestor IPermissionRequestor]
 * Related tickets:
   * #5648 Move user defined groups to IPermissionGroupProvider implementation
   * #4245 Inefficient algorithm used in `DefaultPermissionStore`
   * [query:status!=closed&keywords~=permissions permissions in keywords]
 * Related mailing list topics:
   * Early [Trac-ML:3072 design discussion]
   * Some discussion about possible [trac-dev:2758 future enhancements]