Changes between Version 1 and Version 2 of TracFineGrainedPermissions
- Timestamp:
- Feb 8, 2011, 3:06:30 PM (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFineGrainedPermissions
v1 v2 10 10 11 11 An example policy based on an Authz-style system has been added. See 12 [ source:trunk/sample-plugins/permissions/authz_policy.py] for details. (See also [source:trunk/sample-plugins/permissions] for more samples.)12 [trac:source:branches/0.11-stable/sample-plugins/permissions/authz_policy.py authz_policy.py] for details (current version requires >= Python 2.4). (See also [trac:source:branches/0.11-stable/sample-plugins/permissions sample-plugins/permissions] for more samples.) 13 13 14 14 - Install [http://www.voidspace.org.uk/python/configobj.html ConfigObj] (required). … … 16 16 - Put a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere (preferably on a secured location on the server, not readable for others than the webuser. 17 17 - Update your `trac.ini`: 18 1. modify the [TracIni#trac-section permission_policies] entry in the `[trac]` section 18 19 {{{ 19 20 [trac] 20 21 ... 21 22 permission_policies = AuthzPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy 22 23 }}} 24 2. add a new `[authz_policy]` section 25 {{{ 23 26 [authz_policy] 24 27 authz_file = /some/trac/env/conf/authzpolicy.conf 25 28 }}} 29 3. enable the single file plugin 30 {{{ 26 31 [components] 27 32 ... 28 authz_policy = enabled33 authz_policy.* = enabled 29 34 }}} 30 35 … … 61 66 === mod_authz_svn-like permission policy === 62 67 63 At the time of this writing, the old fine grained permissions system from Trac 0.10 and before used for restricting access to the repository has not yet been converted to a permission policy component, but from the user point of view, this makes little if no difference s.68 At the time of this writing, the old fine grained permissions system from Trac 0.10 and before used for restricting access to the repository has not yet been converted to a permission policy component, but from the user point of view, this makes little if no difference. 64 69 65 70 That kind of fine-grained permission control needs a definition file, which is the one used by Subversion's mod_authz_svn. 66 More information about this file format and about its usage in Subversion is available in the [http://svnbook.red-bean.com/svnbook/book.html#svn-ch-6-sect-4.4.2 Subversion Book (Per-Directory Access Control)].71 More information about this file format and about its usage in Subversion is available in the [http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html Path-Based Authorization] section in the Server Configuration chapter of the svn book. 67 72 68 73 Example: … … 117 122 For information about how to restrict access to entire projects in a multiple project environment see [trac:wiki:TracMultipleProjectsSVNAccess] 118 123 124 == Getting TracFineGrainedPermissions to work == 125 126 Don't forget to restart Trac engine to apply new configuration if you are running tracd standalone server. 127 119 128 ---- 120 129 See also: TracPermissions 130 http://trac-hacks.org/wiki/FineGrainedPageAuthzEditorPlugin for a simple editor plugin.
