| 16 | |
| 17 | == 1000 ' View == |
| 18 | |
| 19 | * Add an interface (`IPermissionPolicy`) for checking a users permission to access [WikiContext Trac resources]. |
| 20 | * Convert the current permission system to a plugin (`DefaultPermissionPolicy`). |
| 21 | * Modify `PermissionCache` to cache the fine-grained policy check results (still needs some cleanup). |
| 22 | * Convert each module to use fine-grained permissions (only the Wiki module has been converted so far). |
| 23 | * API is backwards compatible. |
| 24 | * Security policies can be "stacked". |
| 25 | |
| 26 | == API == |
| 27 | |
| 28 | {{{ |
| 29 | #!python |
| 30 | class IPermissionPolicy(Interface): |
| 31 | """A security policy provider.""" |
| 32 | def check_permission(req, username, action, context): |
| 33 | """Check that username can perform action in context. |
| 34 | |
| 35 | Must return True if action is allowed, False if action is denied, or |
| 36 | None if indifferent. |
| 37 | |
| 38 | NOTE: req is passed in addition to context, as context is likely to be |
| 39 | refactored to remove this.""" |
| 40 | }}} |