Changes between Version 4 and Version 5 of TracDev/SecurityBranch
- Timestamp: May 27, 2007, 2:36:35 PM (17 years ago)
TracDev/SecurityBranch
v4 v5 2 2 3 3 = [source:sandbox/pycon/security Security Sandbox] = 4 5 '''''This branch has been integrated into trunk as of r5514.''''' 4 6 5 7 This sandbox aims at adding a finer grained control for the TracPermissions system. … … 30 32 class IPermissionPolicy(Interface): 31 33 """A security policy provider.""" 32 def check_permission( req,username, action, context):34 def check_permission(username, action, context): 33 35 """Check that username can perform action in context. 34 36 35 37 Must return True if action is allowed, False if action is denied, or 36 None if indifferent. 37 38 NOTE: req is passed in addition to context, as context is likely to be 39 refactored to remove this.""" 38 None if indifferent.""" 40 39 }}} 41 40 42 41 == Testing the features == 43 42 44 You can check the source out from [http://svn.edgewall.com/repos/trac/sandbox/pycon/security here] using Subversion. 43 An example policy based on an Authz-style system has been added. See 44 [source:trunk/sample-plugins/authz_policy.py] for details. 45 45 46 An example policy based on an Authz-style system has been added: 47 see [source:sandbox/pycon/security/sample-plugins/authz_policy.py]. 48 - copy this file in your plugins directory 49 - install genshi 50 - plonk''(sic)'' a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere 51 - update your `trac.ini`: 46 - Install [http://www.voidspace.org.uk/python/configobj.html ConfigObj] (required). 47 - Copy this file in your plugins directory 48 - Plonk a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere. 49 - Update your `trac.ini`: 52 50 {{{ 53 51 [trac] 54 52 ... 55 permission_policies = AuthzPolicy 53 permission_policies = AuthzPolicy, DefaultPermissionPolicy 56 54 57 55 [authz_policy] … … 65 63 66 64 Note that the order in which permission policies are specified is quite critical, 67 as policies will be examined in the given sequence. 
68 A policy will return either `True`, `False` or `None` for a givein permission check. 65 as policies will be examined in the sequence provided. 66 67 A policy will return either `True`, `False` or `None` for a given permission check. 69 68 Only if the return value is `None` will the ''next'' permission policy be consulted. 70 69 If no policy explicitly grants the permission, the final result will be `False` … … 73 72 For example, if the authz_file contains: 74 73 {{{ 75 [wiki:WikiStart ]74 [wiki:WikiStart@*] 76 75 * = VIEW 77 76 78 [wiki:PrivatePage ]77 [wiki:PrivatePage@*] 79 78 john = VIEW 80 79 * = … … 88 87 89 88 Then: 90 - WikiStart will be viewable by all(including anonymous)89 - All versions of WikiStart will be viewable by everybody (including anonymous) 91 90 - !PrivatePage will be viewable only by john 92 91 - other pages will be viewable only by john and jack
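Review bot: In the `IPermissionPolicy` hunk, removing `req` from `check_permission(username, action, context)` also removes the NOTE that explained how `req` relates to `context`, so the docstring no longer tells a policy author whether request data is still reachable. Please state in the docstring what `context` is expected to carry, and flag that this is a signature change for any policy written against the four-argument form. The docstring could also say that `None` defers to the next policy, because the text further down makes clear that a policy returning `False` where it means "no opinion" ends the check with a denial.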
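Review bot: In the `trac.ini` hunk, `permission_policies = AuthzPolicy, DefaultPermissionPolicy` adds a second policy with no explanation, directly before the paragraph that calls the order "quite critical". Please add a sentence saying that `AuthzPolicy` is consulted first and `DefaultPermissionPolicy` is reached only when it returns `None`, and what changes if the two entries are swapped or the second is left out. In the same list, "Copy this file" now follows the ConfigObj step, so it should name `authz_policy.py` explicitly, and "Plonk ... somewhere" should say that `authzpolicy.conf` belongs in a location only the Trac administrator can write to, since it holds the access rules.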
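Review bot: In the authz_file example hunk, the section headers change to `[wiki:WikiStart@*]` and `[wiki:PrivatePage@*]`, but only the WikiStart bullet was updated to say "All versions"; the !PrivatePage bullet is unchanged and nothing defines what the `@*` suffix matches. Please add a line explaining the `@` part of a section name, and say whether the old `[wiki:WikiStart]` form still matches, since a section that silently stops matching would leave the page to whatever rule or policy is evaluated next.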