Edgewall Software

Changes between Version 64 and Version 65 of TracFineGrainedPermissions


Ignore:
Timestamp:
Mar 26, 2017, 8:20:07 AM (3 years ago)
Author:
Ryan J Ollos
Comment:

Minor edits.

Legend:

Unmodified
Added
Removed
Modified
  • TracFineGrainedPermissions

    v64 v65  
    1 = Fine grained permissions =
     1= Fine grained permissions
    22[[PageOutline(2-5, Contents, floated)]]
    33[[TracGuideToc]]
     
    77That mechanism is `authz_policy`, which is an optional module in `tracopt.perm.authz_policy.*`, so it is installed by default. It can be activated via the //Plugins// panel in the Trac administration module.
    88
    9 == Permission Policies ==
     9== Permission Policies
    1010
    1111A great diversity of permission policies can be implemented and Trac comes with a few examples.
     
    2929See also [trac:source:branches/1.2-stable/sample-plugins/permissions sample-plugins/permissions] for more examples.
    3030
    31 === !AuthzPolicy ===
    32 ==== Configuration ====
     31=== !AuthzPolicy
     32==== Configuration
    3333* Put a [http://swapoff.org/files/authzpolicy.conf conf] file in a secure location on the server, not readable by users other than the webuser. If the  file contains non-ASCII characters, the UTF-8 encoding should be used.
    3434* Update your `trac.ini`:
     
    4949}}}
    5050
    51 ==== Usage Notes ====
     51==== Usage Notes
    5252
    5353Note the order in which permission policies are specified: policies are implemented in the sequence provided and therefore may override earlier policy specifications.
     
    175175Note: In order for Timeline to work/visible for John, we must add CHANGESET_VIEW to the above permission list.
    176176
    177 ==== Missing Features ====
     177==== Missing Features
    178178Although possible with the !DefaultPermissionPolicy handling (see Admin panel), fine-grained permissions still miss those grouping features (see [trac:ticket:9573 #9573], [trac:ticket:5648 #5648]). Patches are partially available, see authz_policy.2.patch, part of [trac:ticket:6680 #6680].
    179179
     
    198198}}}
    199199
    200 === !AuthzSourcePolicy  (mod_authz_svn-like permission policy) === #AuthzSourcePolicy
    201 
    202 At the time of this writing, the old granular permissions system from Trac 0.11 and before used for restricting access to the repository has been converted to a permission policy component. But from the user's point of view, this makes little if any difference.
    203 
    204 That kind of granular permission control needs a definition file, which is the one used by Subversion's mod_authz_svn.
     200=== !AuthzSourcePolicy  (mod_authz_svn-like permission policy) #AuthzSourcePolicy
     201
     202`AuthzSourcePolicy` can be used for restricting access to the repository. Granular permission control needs a definition file, which is the one used by Subversion's mod_authz_svn.
    205203More information about this file format and about its usage in Subversion is available in the [http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Path-Based Authorization] section in the Server Configuration chapter of the svn book.
    206204
     
    222220 * '''/branches/calc/bug-142/secret''' = ''harry has no access, sally has read access (inherited as a sub folder permission)''
    223221
    224 ==== Trac Configuration ====
     222==== Trac Configuration
    225223
    226224To activate granular permissions you __must__ specify the {{{authz_file}}} option in the `[svn]` section of trac.ini. If this option is set to null or not specified, the permissions will not be used.
     
    259257}}}
    260258
    261 ==== Subversion Configuration ====
     259==== Subversion Configuration
    262260
    263261The same access file is typically applied to the corresponding Subversion repository using an Apache directive like this: