| | 1 | [[PageOutline]] |
| | 2 | |
| | 3 | = [source:sandbox/pycon/security Security Sandbox] = |
| | 4 | |
| | 5 | This sandbox aims at adding a finer grained control for the TracPermissions system. |
| | 6 | * Some related tickets: #654, #834, #948, #1316 |
| | 7 | |
| | 8 | The permission policy system has been [source:sandbox/pycon/security rewritten] on top of the ''[WikiContext Context]'' objects. |
| | 9 | |
| | 10 | The Wiki system, a significant part of the Ticket system and the attachment subsystem |
| | 11 | are now using the new permission policy engine. |
| | 12 | |
| | 13 | * View the revision [log:sandbox/pycon/security log] |
| | 14 | * See [diff:trunk//sandbox/pycon/security differences] for Trac [milestone:0.11]dev |
| | 15 | * See [diff:trunk@3353//sandbox/pycon/security@3354 patch] for Trac [milestone:0.10]dev (initial implementation) |
| | 16 | |
| | 17 | == Testing the features == |
| | 18 | |
| | 19 | You can check the source out from [http://svn.edgewall.com/repos/trac/sandbox/pycon/security here] using Subversion. |
| | 20 | |
| | 21 | An example policy based on an Authz-style system has been added: |
| | 22 | see [source:sandbox/pycon/security/sample-plugins/authz_policy.py]. |
| | 23 | - copy this file in your plugins directory |
| | 24 | - install genshi |
| | 25 | - plonk''(sic)'' a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere |
| | 26 | - update your `trac.ini`: |
| | 27 | {{{ |
| | 28 | [trac] |
| | 29 | ... |
| | 30 | permission_policies = AuthzPolicy |
| | 31 | |
| | 32 | [authz_policy] |
| | 33 | authz_file = /some/trac/env/conf/authzpolicy.conf |
| | 34 | |
| | 35 | [components] |
| | 36 | ... |
| | 37 | authz_policy = enabled |
| | 38 | }}} |
| | 39 | - Finally, restart your web server. |
| | 40 | |
| | 41 | Note that the order in which permission policies are specified is quite critical, |
| | 42 | as policies will be examined in the given sequence. |
| | 43 | A policy will return either `True`, `False` or `None` for a givein permission check. |
| | 44 | Only if the return value is `None` will the ''next'' permission policy be consulted. |
| | 45 | If no policy explicitly grants the permission, the final result will be `False` |
| | 46 | (i.e. no permission). |
| | 47 | |
| | 48 | For example, if the authz_file contains: |
| | 49 | {{{ |
| | 50 | [wiki:WikiStart] |
| | 51 | * = VIEW |
| | 52 | |
| | 53 | [wiki:PrivatePage] |
| | 54 | john = VIEW |
| | 55 | * = |
| | 56 | }}} |
| | 57 | and the default permissions are set like this: |
| | 58 | {{{ |
| | 59 | john WIKI_VIEW |
| | 60 | jack WIKI_VIEW |
| | 61 | # anonymous has no WIKI_VIEW |
| | 62 | }}} |
| | 63 | |
| | 64 | Then: |
| | 65 | - WikiStart will be viewable by all (including anonymous) |
| | 66 | - !PrivatePage will be viewable only by john |
| | 67 | - other pages will be viewable only by john and jack |
| | 68 | |
| | 69 | ---- |
| | 70 | See also: WikiContext |
