Changes between Version 64 and Version 65 of TracFineGrainedPermissions
- Timestamp:
- Mar 26, 2017, 8:20:07 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFineGrainedPermissions
v64 v65 1 = Fine grained permissions =1 = Fine grained permissions 2 2 [[PageOutline(2-5, Contents, floated)]] 3 3 [[TracGuideToc]] … … 7 7 That mechanism is `authz_policy`, which is an optional module in `tracopt.perm.authz_policy.*`, so it is installed by default. It can be activated via the //Plugins// panel in the Trac administration module. 8 8 9 == Permission Policies ==9 == Permission Policies 10 10 11 11 A great diversity of permission policies can be implemented and Trac comes with a few examples. … … 29 29 See also [trac:source:branches/1.2-stable/sample-plugins/permissions sample-plugins/permissions] for more examples. 30 30 31 === !AuthzPolicy ===32 ==== Configuration ====31 === !AuthzPolicy 32 ==== Configuration 33 33 * Put a [http://swapoff.org/files/authzpolicy.conf conf] file in a secure location on the server, not readable by users other than the webuser. If the file contains non-ASCII characters, the UTF-8 encoding should be used. 34 34 * Update your `trac.ini`: … … 49 49 }}} 50 50 51 ==== Usage Notes ====51 ==== Usage Notes 52 52 53 53 Note the order in which permission policies are specified: policies are implemented in the sequence provided and therefore may override earlier policy specifications. … … 175 175 Note: In order for Timeline to work/visible for John, we must add CHANGESET_VIEW to the above permission list. 176 176 177 ==== Missing Features ====177 ==== Missing Features 178 178 Although possible with the !DefaultPermissionPolicy handling (see Admin panel), fine-grained permissions still miss those grouping features (see [trac:ticket:9573 #9573], [trac:ticket:5648 #5648]). Patches are partially available, see authz_policy.2.patch, part of [trac:ticket:6680 #6680]. 179 179 … … 198 198 }}} 199 199 200 === !AuthzSourcePolicy (mod_authz_svn-like permission policy) === #AuthzSourcePolicy 201 202 At the time of this writing, the old granular permissions system from Trac 0.11 and before used for restricting access to the repository has been converted to a permission policy component. But from the user's point of view, this makes little if any difference. 203 204 That kind of granular permission control needs a definition file, which is the one used by Subversion's mod_authz_svn. 200 === !AuthzSourcePolicy (mod_authz_svn-like permission policy) #AuthzSourcePolicy 201 202 `AuthzSourcePolicy` can be used for restricting access to the repository. Granular permission control needs a definition file, which is the one used by Subversion's mod_authz_svn. 205 203 More information about this file format and about its usage in Subversion is available in the [http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Path-Based Authorization] section in the Server Configuration chapter of the svn book. 206 204 … … 222 220 * '''/branches/calc/bug-142/secret''' = ''harry has no access, sally has read access (inherited as a sub folder permission)'' 223 221 224 ==== Trac Configuration ====222 ==== Trac Configuration 225 223 226 224 To activate granular permissions you __must__ specify the {{{authz_file}}} option in the `[svn]` section of trac.ini. If this option is set to null or not specified, the permissions will not be used. … … 259 257 }}} 260 258 261 ==== Subversion Configuration ====259 ==== Subversion Configuration 262 260 263 261 The same access file is typically applied to the corresponding Subversion repository using an Apache directive like this: