Changes between Version 10 and Version 11 of TracDev/SecurityBranch
- Timestamp:
- Dec 8, 2007, 11:07:17 PM (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracDev/SecurityBranch
v10 v11 54 54 }}} 55 55 56 New style :56 New style is based on adding a resource descriptor (`trac.resource.Resource`) as identification in permission checks: 57 57 58 58 {{{ … … 64 64 # wish to restrict 'WikiStart' you must provide ('wiki', 'WikiStart'). 65 65 if 'WIKI_MODIFY' in req.perm('wiki', 'WikiStart', 20): 66 66 ... 67 67 68 # or, checking the current resource context 69 if 'WIKI_MODIFY' in req.perm(context): 70 ... 68 # A resource descriptor can be created and reused for the purpose. 69 page_resource = Resource('wiki', 'WikiStart', 20) 70 if 'WIKI_MODIFY' in req.perm(page_resource): 71 ... 71 72 72 73 # Assert that user has permission 73 req.perm .require('WIKI_MODIFY', 'wiki', 'WikiStart')74 req.perm(page_resource).require('WIKI_MODIFY') 74 75 # or ... 75 req.perm .require('WIKI_MODIFY', context)76 req.perm(page_resource).require('WIKI_MODIFY') 76 77 }}} 77 78 … … 83 84 #!python 84 85 class IPermissionPolicy(Interface): 85 """A security policy provider.""" 86 def check_permission(username, action, context): 87 """Check that username can perform action in context. 86 """A security policy provider used for fine grained permission checks.""" 88 87 89 Must return True if action is allowed, False if action is denied, or 90 None if indifferent.""" 88 def check_permission(action, username, resource, perm): 89 """Check that the action can be performed by username on the resource 90 ... 91 91 }}} 92 93 See `trac.perm.IPermissionPolicy` source code for much more information. 92 94 93 95 == Testing the features ==