Changes between Version 5 and Version 6 of TracPermissionFilterPlugin
- Timestamp:
- Mar 13, 2015, 10:09:01 AM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracPermissionFilterPlugin
v5 v6 1 1 [[PageOutline(2-5,Contents,pullout)]] 2 2 3 = TracPermissionFilterPlugin =3 = Remove Trac permissions using a blacklist and/or whitelist 4 4 5 == Description ==5 == Description 6 6 7 7 Plugin to remove Trac permissions using a blacklist and/or a whitelist. 8 8 9 This hack was born to be able to ''archive'' projects without touching the 10 Trac database, the idea is to use the filter to disable all permissions that 11 allow users to modify it without changing their permissions on the database 12 and be able to restore the project to the original state simply disabling the 13 filter. 9 This hack was born to be able to ''archive'' projects without touching the Trac database, the idea is to use the filter to disable all permissions that allow users to modify it without changing their permissions on the database and be able to restore the project to the original state simply disabling the filter. 14 10 15 To filter permissions as desired the plugin has to be the first one on the 16 `permission_policy` list and it works by checking the permissions against the 17 blacklist and the whitelist in that order (if a permission is in both lists it 18 is blacklisted). 11 To filter permissions as desired the plugin has to be the first one on the `permission_policy` list and it works by checking the permissions against the blacklist and the whitelist in that order. If a permission is in both lists it is blacklisted. 19 12 20 13 The process is as follows: 21 14 22 1. If the `blacklist` is available and the permission being considered is on 23 the list the `check_permission` function returns `False` and the 15 1. If the `blacklist` is available and the permission being considered is on the list the `check_permission` function returns `False` and the 24 16 permission evaluation stops. 17 1. If the `whitelist` is available and the permission we are checking is not on the list the `check_permission` function returns `False` and the permission evaluation stops. 18 1. If the evaluation gets here the permission is ignored by the plugin and the next permission policy is checked. 25 19 26 2. If the `whitelist` is available and the permission we are checking is not 27 on the list the `check_permission` function returns `False` and the 28 permission evaluation stops. 20 If the boolean option `adminmeta` is True, then the filters are ignored for users with the `TRAC_ADMIN` permission. 29 21 30 3. If the evaluation gets here the permission is ignored by the plugin and 31 the next permission policy is checked. 32 33 If the boolean option `adminmeta` is True the filters are ignored for users 34 with TRAC_ADMIN permission. 35 36 == Bugs/Feature Requests == 22 == Bugs/Feature Requests 37 23 38 24 Existing bugs and feature requests for TracPermissionFilterPlugin are … … 42 28 [http://trac-hacks.org/newticket?component=TracPermissionFilterPlugin&owner=sto new ticket]. 43 29 44 == Download == 30 [[TicketQuery(component=TracPermissionFilterPlugin&group=type,format=progress)]] 31 32 == Download 45 33 46 34 Download the zipped source from [download:tracpermissionfilterplugin here]. 47 35 48 == Source ==36 == Source 49 37 50 38 You can check out TracPermissionFilterPlugin from [http://trac-hacks.org/svn/tracpermissionfilterplugin here] using Subversion, or [source:tracpermissionfilterplugin browse the source] with Trac. 51 39 52 == Example ==40 == Configuration 53 41 54 42 After enabling the plugin in your `trac.ini`: … … 56 44 {{{ 57 45 #!ini 46 [components] 58 47 tracpermissionfilter.* = enabled 59 48 }}} … … 75 64 }}} 76 65 77 The use of the two lists (black and white) makes sense when using inheritance, 78 to avoid repeating long lists (i. e., we can have a long whitelist and reduce it only 79 in one project using the blacklist). 66 The use of the two lists (black and white) makes sense when using inheritance to avoid repeating long lists. For example, we can have a long whitelist and reduce it only in one project using the blacklist. 80 67 81 The plugin has also an additional boolean option called `adminmeta`. 82 If this option is set to True (the default) the filters don't affect the users with 83 TRAC_ADMIN permission: 68 The plugin has also an additional boolean option called `adminmeta`. If this option is set to True (the default), then the filters don't affect the users with `TRAC_ADMIN` permission: 84 69 85 70 {{{ … … 89 74 }}} 90 75 91 If the variable is set to `False` filtering has odd effects on users with 92 TRAC_ADMIN permission because we reject based on `action` name and 93 TRAC_ADMIN is a meta permission that usually is not checked directly 76 If the variable is set to `False` filtering has odd effects on users with the `TRAC_ADMIN` permission because we reject based on `action` name and `TRAC_ADMIN` is a meta permission that usually is not checked directly. 94 77 95 78 Lastly, remember to put the filter the first on your project `permission_policies`: … … 101 84 }}} 102 85 103 == Recent Changes ==86 == Recent Changes 104 87 105 88 [[ChangeLog(tracpermissionfilterplugin, 3)]] 106 89 107 == Author/Contributors ==90 == Author/Contributors 108 91 109 92 '''Author:''' [wiki:sto] [[BR]] 110 '''Maintainer:''' [ wiki:sto] [[BR]]93 '''Maintainer:''' [[Maintainer]] [[BR]] 111 94 '''Contributors:'''