[[PageOutline]] = [source:sandbox/pycon/security Security Sandbox] = '''''This branch has been integrated into trunk as of r5514.''''' This sandbox aims at adding a finer grained control for the TracPermissions system. * Some related tickets: #654, #834, #948, #1316 The permission policy system has been [source:sandbox/pycon/security rewritten] on top of the ''[WikiContext Context]'' objects. The Wiki system, a significant part of the Ticket system and the attachment subsystem are now using the new permission policy engine. * View the revision [log:sandbox/pycon/security log] * See [diff:trunk//sandbox/pycon/security differences] for Trac [milestone:0.11]dev * See [diff:trunk@3353//sandbox/pycon/security@3354 patch] for Trac [milestone:0.10]dev (initial implementation) == 1000 ' View == * Add an interface (`IPermissionPolicy`) for checking a users permission to access [WikiContext Trac resources]. * Convert the current permission system to a plugin (`DefaultPermissionPolicy`). * Modify `PermissionCache` to cache the fine-grained policy check results (still needs some cleanup). * Convert each module to use fine-grained permissions (only the Wiki module has been converted so far). * API is backwards compatible. * Security policies can be "stacked". == API == {{{ #!python class IPermissionPolicy(Interface): """A security policy provider.""" def check_permission(username, action, context): """Check that username can perform action in context. Must return True if action is allowed, False if action is denied, or None if indifferent.""" }}} == Testing the features == An example policy based on an Authz-style system has been added. See [source:trunk/sample-plugins/authz_policy.py] for details. - Install [http://www.voidspace.org.uk/python/configobj.html ConfigObj] (required). - Copy this file in your plugins directory - Plonk a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere. - Update your `trac.ini`: {{{ [trac] ... permission_policies = AuthzPolicy, DefaultPermissionPolicy [authz_policy] authz_file = /some/trac/env/conf/authzpolicy.conf [components] ... authz_policy = enabled }}} - Finally, restart your web server. Note that the order in which permission policies are specified is quite critical, as policies will be examined in the sequence provided. A policy will return either `True`, `False` or `None` for a given permission check. Only if the return value is `None` will the ''next'' permission policy be consulted. If no policy explicitly grants the permission, the final result will be `False` (i.e. no permission). For example, if the authz_file contains: {{{ [wiki:WikiStart@*] * = VIEW [wiki:PrivatePage@*] john = VIEW * = }}} and the default permissions are set like this: {{{ john WIKI_VIEW jack WIKI_VIEW # anonymous has no WIKI_VIEW }}} Then: - All versions of WikiStart will be viewable by everybody (including anonymous) - !PrivatePage will be viewable only by john - other pages will be viewable only by john and jack ---- See also: WikiContext