|Version 2 (modified by sto, 3 years ago) (diff)|
Plugin to remove Trac permissions using a blacklist and/or a whitelist.
This hack was born to be able to archive projects without touching the Trac database, the idea is to use the filter to disable all permissions that allow users to modify it without changing their permissions on the database and be able to restore the project to the original state simply disabling the filter.
To filter permissions as desired the plugin has to be the first one on the permission_policy list and it works as follows:
- If the blacklist is available and the permission being considered is on the list the check_permission function returns False and the permission evaluation stops.
- If the whitelist is available and the permission we are checking is not on the list the check_permission function returns False and the permission evaluation stops.
- If the evaluation gets here the permission is ignored by the plugin and the next permission policy is checked.
If you have any issues, create a new ticket.
Download the zipped source from here.
After enabling the plugin in your trac.ini:
tracpermissionfilter.* = enabled
Add a section with the list of permissions to allow:
[permission-filter] whitelist = BROWSER_VIEW,CHANGESET_VIEW,FILE_VIEW,LOG_VIEW,MILESTONE_VIEW,REPORT_SQL_VIEW,REPORT_VIEW,ROADMAP_VIEW,SEARCH_VIEW,TICKET_VIEW,TIMELINE_VIEW,WIKI_VIEW
or a list of permissions to deny:
[permission-filter] blacklist = BROWSER_VIEW
And remember to put the filter the first on your project permission_policies:
[trac] permission_policies = PermissionFilter, DefaultPermissionPolicy
-  by rjollos on 2014-05-07 23:26:21
Fixed indentation and replaced tabs with spaces. Fixes #11737.
-  by rjollos on 2012-10-10 03:54:13
Fixed incorrect source code encoding (http://www.python.org/dev/peps/pep-0263/).
-  by sto on 2011-10-28 18:08:29
Changed TRAC_ADMIN handig and renamed config option