Hi trac
a patch extended my mod_authz support to the wiki (a one hour patch)
simple setup, if you have the latest trunk and use my mod_authz patch,
add your section with
[ProjectName_wiki]
* = r
someuser = rw
My patch supports both read and write ACLs but is not perfect (currently no
wiki diff).
(if you want include in trunk go for it)
Francois Harvey
fharvey@securiweb.net
SecuriWeb inc.
IxokaI wrote:
> Mmm, I don't know if its a function of won-just-don't-get-it or not :)
> We use our Wiki *extensively* for development documentation, including
> quite a bit of stuff which customers Should Not Know.
>
> We also use it for Tech Support FAQ's and knowledge base articles. We
> like them being in the same system, but by virtue of content, we like
> being able to link between them easily.... but by virtue of the
> content, not everyone should see some of this stuff.
>
> E.g., i'm +1 on such a feature. Been thinking on it, may do it myself.
> But dunno if how I do it will be good for Trac-users in general; my
> Notification stuff (must update to make it compatible with current
> stuff) was a bit too complicated(but featureful :)) for the general
> userbase.
>
> On Tue, 13 Jul 2004 10:31:54 -0500, Daragh Fitzpatrick
> <daragh@uchicago.edu> wrote:
>
>>Hi,
>>
>> are there any plans to have a wiki that will have a public and a
>>private section - I know this is not in the spirit of the tool, but is
>>necessary for acceptance by those pointy-haired bosses (Dilbert ref)
>>who-just-don't-get-it.
>>
>>Cheers,
>>
>> :D
>>
>>--------------------------------------------------------------------
>>Daragh Fitzpatrick Daragh@UChicago.edu (773) 702-8976
>>
>>Solutions Architect NSIT Administrative Systems
>>Renewal Projects and Architecture University of Chicago
>>--------------------------------------------------------------------
>>
-------------- next part --------------
Index: trac/core.py
===================================================================
--- trac/core.py (revision 813)
+++ trac/core.py (working copy)
@@ -157,13 +157,14 @@
module.db = db
module.perm = perm.PermissionCache(module.db, req.authname)
module.perm.add_to_hdf(req.hdf)
- module.authzperm = None
+ # module.authzperm = None
+ module.authzperm = authzperm.AuthzPermission(env,req.authname)
# Only open the subversion repository for the modules that really
# need it. This saves us some precious time.
if need_svn:
import sync
- module.authzperm = authzperm.AuthzPermission(env,req.authname)
+# module.authzperm = authzperm.AuthzPermission(env,req.authname)
repos_dir = env.get_config('trac', 'repository_dir')
pool, rep, fs_ptr = open_svn_repos(repos_dir)
module.repos = rep
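Review bot: The two superseded assignments are left behind as commented-out code (`# module.authzperm = None` and the `# module.authzperm = authzperm.AuthzPermission(env,req.authname)` line under `if need_svn:`). They should be deleted, and the new assignment given a one-line reason instead, e.g. `# Built for every module: the wiki consults the authz file too, not only the svn-backed modules.` AuthzPermission is now constructed on every request, so if its constructor parses the authz file (not visible here) every module pays that cost. The enclosing function starts and ends outside the hunk.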
Index: trac/authzperm.py
===================================================================
--- trac/authzperm.py (revision 813)
+++ trac/authzperm.py (working copy)
@@ -67,6 +67,31 @@
acc = self.conf_authz.get(section_name ,self.auth_name)
return acc
+ def wiki_permission(self, name):
+ acc = 'rw'
+ if name != None and self.conf_authz != None:
+ if self.conf_authz.has_section(self.module_name + '_wiki:/') and \
+ self.conf_authz.has_option(self.module_name + '_wiki:/',
+ self.auth_name):
+ acc = self.conf_authz.get(self.module_name + '_wiki:/',self.auth_name)
+
+ path_comb = ''
+ for path_ele in name.split('/'):
+ if path_ele != '':
+ path_comb = path_comb + '/' + path_ele
+ section_name = self.module_name + '_wiki:' + path_comb
+ if self.conf_authz.has_section(section_name) and \
+ self.conf_authz.has_option(section_name,self.auth_name):
+ acc = self.conf_authz.get(section_name ,self.auth_name)
+
+ return acc
+
+ def wiki_read_permission(self,name):
+ return self.wiki_permission(name) != ''
+
+ def wiki_write_permission(self, name):
+ return self.wiki_permission(name) == 'rw'
+
def assert_permission (self, path):
if self.has_permission(path) == '':
raise AuthzPermissionError()
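Review bot: `wiki_permission` only looks up `self.auth_name` in each section, so a `*` entry is never consulted in the added code and a user with no entry of their own keeps the initial `acc = 'rw'`. With the `* = r` / `someuser = rw` example from the description, everyone other than someuser would appear to get read-write rather than read-only, unless `*` is resolved somewhere outside this hunk. The lookup also uses section names of the form `<module_name>_wiki:<path>` (root `_wiki:/`), which does not match the `[ProjectName_wiki]` header shown in the description. `wiki_read_permission` treats any non-empty value as read access, so a docstring stating the accepted values (`''`, `'r'`, `'rw'`) and the default when nothing matches would help whoever maintains the authz file. A possible shape for the lookup with a wildcard fallback:

```python
def _wiki_acl(self, section_name):
    # The user's own entry wins; otherwise fall back to the '*' entry.
    if self.conf_authz.has_section(section_name):
        for who in (self.auth_name, '*'):
            if self.conf_authz.has_option(section_name, who):
                return self.conf_authz.get(section_name, who)
    return None

def wiki_permission(self, name):
    acc = 'rw'
    if name != None and self.conf_authz != None:
        found = self._wiki_acl(self.module_name + '_wiki:/')
        if found != None:
            acc = found
        # … path_comb loop as in the hunk, calling self._wiki_acl(section_name) for each prefix …
    return acc
```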
Index: trac/Wiki.py
===================================================================
--- trac/Wiki.py (revision 813)
+++ trac/Wiki.py (working copy)
@@ -50,10 +50,12 @@
class WikiPage:
"""WikiPage: Represents a wiki page (new or existing).
"""
- def __init__(self, name, version, perm, db):
+ def __init__(self, name, version, perm, db,authzperm):
self.db = db
self.name = name
self.perm = perm
+ self.authzperm = authzperm
+
cursor = self.db.cursor ()
if version:
cursor.execute ('SELECT version, text, readonly FROM wiki '
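Review bot: `authzperm` is added to `WikiPage.__init__` as a required positional parameter, and only the one call site in the last hunk of this file is updated, so any other construction of WikiPage outside this diff would now fail with a TypeError. Keeping it required is the safer choice, since a `None` default would let a caller skip the ACL silently, but the remaining callers need checking. The class docstring could also say that `authzperm` must provide `wiki_read_permission` and `wiki_write_permission`. `__init__` continues past the end of this hunk.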
@@ -63,19 +65,27 @@
cursor.execute ('SELECT version, text, readonly FROM wiki '
'WHERE name=%s ORDER BY version DESC LIMIT 1', name)
row = cursor.fetchone()
- if row:
- self.new = 0
- self.version = int(row[0])
- self.text = row[1]
- self.readonly = row[2] and int(row[2]) or 0
- else:
- self.version = 0
- self.text = 'describe %s here' % name
- self.new = 1
- self.readonly = 0
- self.old_readonly = self.readonly
- self.modified = 0
-
+ if self.authzperm.wiki_read_permission(name):
+ if row:
+ self.new = 0
+ self.version = int(row[0])
+ self.text = row[1]
+ self.readonly = row[2] and int(row[2]) or 0
+ else:
+ self.version = 0
+ self.text = 'describe %s here' % name
+ self.new = 1
+ self.readonly = 0
+ self.old_readonly = self.readonly
+ self.modified = 0
+ else:
+ self.new = 0
+ self.text = 'Access to %s is deny' % name
+ self.readonly = 1
+ self.version = 0
+ self.old_readonly = self.readonly
+ self.modified = 0
+
def set_content (self, text):
self.modified = self.text != text
self.text = text
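Review bot: A read-denied page is reported in-band by setting `self.text = 'Access to %s is deny' % name` on an otherwise normal WikiPage, so callers cannot tell a denial from page content and carry on rendering. The SELECT has already run by then, and in the last hunk `get_attachments_hdf` is called for the same name before the page is constructed. Raising before the query, as the commit hunk does for writes, would stop the request: `if not self.authzperm.wiki_read_permission(name): raise TracError('Access to %s is denied' % name)`. Other code that reads the wiki table directly is not covered by this check (the description itself mentions the wiki diff). `__init__` starts in the previous hunk.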
@@ -88,9 +98,12 @@
self.perm.assert_permission (perm.WIKI_MODIFY)
if self.readonly:
self.perm.assert_permission (perm.WIKI_ADMIN)
-
+ if not self.authzperm.wiki_write_permission(self.name):
+ raise TracError('Write access is deny')
+
cursor = self.db.cursor ()
- if not self.modified and self.readonly != self.old_readonly:
+
+ if not self.modified and self.readonly != self.old_readonly:
cursor.execute ('UPDATE wiki SET readonly=%s WHERE name=%s and VERSION=%s',
self.readonly, self.name, self.version - 1)
self.db.commit ()
@@ -213,8 +226,8 @@
self.req.hdf.setValue('wiki.action', 'save')
elif edit:
self.perm.assert_permission (perm.WIKI_MODIFY)
- self.req.hdf.setValue('wiki.action', 'edit')
- self.req.hdf.setValue('title', name + ' (edit)')
+ self.req.hdf.setValue('wiki.action', 'edit')
+ self.req.hdf.setValue('title', name + ' (edit)')
elif preview:
self.req.hdf.setValue('wiki.action', 'preview')
self.req.hdf.setValue('title', name + ' (preview)')
@@ -245,7 +258,7 @@
self.env.get_attachments_hdf(self.db, 'wiki', name, self.req.hdf,
'wiki.attachments')
- self.page = WikiPage(name, version, self.perm, self.db)
+ self.page = WikiPage(name, version, self.perm, self.db, self.authzperm)
if self.args.has_key('text'):
self.page.set_content (self.args.get('text'))
else: