| 1 | [[PageOutline]] |
| 2 | |
| 3 | = [source:sandbox/pycon/security Security Sandbox] = |
| 4 | |
| 5 | This sandbox aims at adding a finer grained control for the TracPermissions system. |
| 6 | * Some related tickets: #654, #834, #948, #1316 |
| 7 | |
| 8 | The permission policy system has been [source:sandbox/pycon/security rewritten] on top of the ''[WikiContext Context]'' objects. |
| 9 | |
| 10 | The Wiki system, a significant part of the Ticket system and the attachment subsystem |
| 11 | are now using the new permission policy engine. |
| 12 | |
| 13 | * View the revision [log:sandbox/pycon/security log] |
| 14 | * See [diff:trunk//sandbox/pycon/security differences] for Trac [milestone:0.11]dev |
| 15 | * See [diff:trunk@3353//sandbox/pycon/security@3354 patch] for Trac [milestone:0.10]dev (initial implementation) |
| 16 | |
| 17 | == Testing the features == |
| 18 | |
| 19 | You can check the source out from [http://svn.edgewall.com/repos/trac/sandbox/pycon/security here] using Subversion. |
| 20 | |
| 21 | An example policy based on an Authz-style system has been added: |
| 22 | see [source:sandbox/pycon/security/sample-plugins/authz_policy.py]. |
| 23 | - copy this file in your plugins directory |
| 24 | - install genshi |
| 25 | - plonk''(sic)'' a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere |
| 26 | - update your `trac.ini`: |
| 27 | {{{ |
| 28 | [trac] |
| 29 | ... |
| 30 | permission_policies = AuthzPolicy |
| 31 | |
| 32 | [authz_policy] |
| 33 | authz_file = /some/trac/env/conf/authzpolicy.conf |
| 34 | |
| 35 | [components] |
| 36 | ... |
| 37 | authz_policy = enabled |
| 38 | }}} |
| 39 | - Finally, restart your web server. |
| 40 | |
| 41 | Note that the order in which permission policies are specified is quite critical, |
| 42 | as policies will be examined in the given sequence. |
| 43 | A policy will return either `True`, `False` or `None` for a givein permission check. |
| 44 | Only if the return value is `None` will the ''next'' permission policy be consulted. |
| 45 | If no policy explicitly grants the permission, the final result will be `False` |
| 46 | (i.e. no permission). |
| 47 | |
| 48 | For example, if the authz_file contains: |
| 49 | {{{ |
| 50 | [wiki:WikiStart] |
| 51 | * = VIEW |
| 52 | |
| 53 | [wiki:PrivatePage] |
| 54 | john = VIEW |
| 55 | * = |
| 56 | }}} |
| 57 | and the default permissions are set like this: |
| 58 | {{{ |
| 59 | john WIKI_VIEW |
| 60 | jack WIKI_VIEW |
| 61 | # anonymous has no WIKI_VIEW |
| 62 | }}} |
| 63 | |
| 64 | Then: |
| 65 | - WikiStart will be viewable by all (including anonymous) |
| 66 | - !PrivatePage will be viewable only by john |
| 67 | - other pages will be viewable only by john and jack |
| 68 | |
| 69 | ---- |
| 70 | See also: WikiContext |