Changes between Version 59 and Version 60 of TracFineGrainedPermissions

Timestamp:

Nov 20, 2014, 5:55:21 PM (9 years ago)

Author:

Ryan J Ollos

Comment:

Remove info for AuthzPolicy in Trac 0.11.

TracFineGrainedPermissions

@@ -5 +5 @@
 There's a general mechanism in place that allows custom **permission policy plugins** to grant or deny any action on any kind of Trac resources, even at the level of specific versions of such resources.
 
-Note that for Trac 0.12, `authz_policy` has been integrated as an optional module (in `tracopt.perm.authz_policy.*`), so it's installed by default and can simply be activated via the //Plugins// panel in the Trac administration module.
+That mechanism is `authz_policy`, which is an optional module (in `tracopt.perm.authz_policy.*`), so it's installed by default and can simply be activated via the //Plugins// panel in the Trac administration module.
 
 
@@ -14 +14 @@
 Which policies are currently active is determined by a configuration setting in TracIni:
 e.g.
-{{{
+{{{#!ini
 [trac]
 permission_policies = AuthzSourcePolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
@@ -21 +21 @@
 
 Among the possible optional choices, there is [#AuthzPolicy], a very generic permission policy, based on an Authz-style system. See
-[trac:source:branches/0.12-stable/tracopt/perm/authz_policy.py authz_policy.py] for details. 
+[trac:source:branches/1.0-stable/tracopt/perm/authz_policy.py authz_policy.py] for details. 
 
 Another popular permission policy [#AuthzSourcePolicy], re-implements the pre-0.12 support for checking fine-grained permissions limited to Subversion repositories in terms of the new system.
 
-See also [trac:source:branches/0.12-stable/sample-plugins/permissions sample-plugins/permissions] for more examples.
+See also [trac:source:branches/1.0-stable/sample-plugins/permissions sample-plugins/permissions] for more examples.
 
 
 === !AuthzPolicy === 
 ==== Configuration ====
-* Install [http://www.voidspace.org.uk/python/configobj.html ConfigObj] (still needed for 0.12 and later).
-* Copy [trac:browser:/trunk/tracopt/perm/authz_policy.py /tracopt/perm/authz_policy.py] to your environment's plugins directory (only for Trac 0.11).
+* Install [http://www.voidspace.org.uk/python/configobj.html ConfigObj].
 * Put a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere, preferably on a secured location on the server, not readable for others than the webuser. If the  file contains non-ASCII characters, the UTF-8 encoding should be used.
 * Update your `trac.ini`:
   1. modify the [TracIni#trac-section permission_policies] entry in the `[trac]` section
-{{{
+{{{#!ini
 [trac]
 ...
@@ -41 +40 @@
 }}}
   1. add a new `[authz_policy]` section
-{{{
+{{{#!ini
 [authz_policy]
 authz_file = /some/trac/env/conf/authzpolicy.conf
 }}}
   1. enable the plugin through [/admin/general/plugin WebAdmin] or by editing the `[components]` section
-{{{
+{{{#!ini
 [components]
 ...
 # Trac 0.12
 tracopt.perm.authz_policy.* = enabled
-# for Trac 0.11 use this
-#authz_policy.* = enabled 
 }}}
 
@@ -67 +64 @@
 
 The `authzpolicy.conf` file is a `.ini` style configuration file:
-{{{
+{{{#!ini
 [wiki:PrivatePage@*]
 john = WIKI_VIEW, !WIKI_MODIFY
@@ -83 +80 @@
 
   Example: Match the WikiStart page
-{{{
+{{{#!ini
 [wiki:*]
 [wiki:WikiStart*]
@@ -92 +89 @@
   Example: Match the attachment `wiki:WikiStart@117/attachment:FOO.JPG@*`
   on WikiStart
-{{{
+{{{#!ini
 [wiki:*]
 [wiki:WikiStart*]
@@ -112 +109 @@
 
 For example, if the `authz_file` contains:
-{{{
+{{{#!ini
 [wiki:WikiStart@*]
 * = WIKI_VIEW
@@ -133 +130 @@
 
 Groups:
-{{{
+{{{#!ini
 [groups]
 admins = john, jack
@@ -154 +151 @@
 
 Some repository examples (Browse Source specific):
-{{{
+{{{#!ini
 # A single repository:
 [repository:test_repo@*]
@@ -172 +169 @@
 
 Very fine grain repository access:
-{{{
+{{{#!ini
 # John has BROWSER_VIEW and FILE_VIEW access to trunk/src/some/location/ only
 [repository:test_repo@*/source:trunk/src/some/location/*@*]
@@ -200 +197 @@
 
 You cannot do the following:
-{{{
+{{{#!ini
 [groups]
 team1 = a, b, c
@@ -209 +206 @@
 
 Permission groups are not supported either. You cannot do the following:
-{{{
+{{{#!ini
 [groups]
 permission_level_1 = WIKI_VIEW, TICKET_VIEW
@@ -227 +224 @@
 
 Example:
-{{{
+{{{#!ini
 [/]
 * = r
@@ -247 +244 @@
 To activate fine grained permissions you __must__ specify the {{{authz_file}}} option in the {{{[trac]}}} section of trac.ini. If this option is set to null or not specified the permissions will not be used.
 
-{{{
+{{{#!ini
 [trac]
 authz_file = /path/to/svnaccessfile
@@ -254 +251 @@
 If you want to support the use of the `[`''modulename''`:/`''some''`/`''path''`]` syntax within the `authz_file`, add 
 
-{{{
+{{{#!ini
 authz_module_name = modulename
 }}}
@@ -260 +257 @@
 where ''modulename'' refers to the same repository indicated by the `repository_dir` entry in the `[trac]` section. As an example, if the `repository_dir` entry in the `[trac]` section is {{{/srv/active/svn/blahblah}}}, that would yield the following:
 
-{{{ 
+{{{ #!ini
 [trac]
 authz_file = /path/to/svnaccessfile
@@ -274 +271 @@
 As of version 0.12, make sure you have ''!AuthzSourcePolicy'' included in the permission_policies list in trac.ini, otherwise the authz permissions file will be ignored.
 
-{{{ 
+{{{#!ini
 [trac]
 permission_policies = AuthzSourcePolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
@@ -282 +279 @@
 
 The same access file is typically applied to the corresponding Subversion repository using an Apache directive like this:
-{{{
+{{{#!apache
 <Location /repos>
   DAV svn
@@ -296 +293 @@
 == Debugging permissions
 In trac.ini set:
-{{{
+{{{#!ini
 [logging]
 log_file = trac.log
@@ -304 +301 @@
 
 And watch:
-{{{
+{{{#!sh
 tail -n 0 -f log/trac.log | egrep '\[perm\]|\[authz_policy\]'
 }}}