Changes between Version 4 and Version 5 of WikiRbacPatch


Ignore:
Timestamp:
Jan 20, 2006, 6:08:12 PM (9 years ago)
Author:
puffy
Comment:

Cleanup formatting and clarify options.

Legend:

Unmodified
Added
Removed
Modified
  • WikiRbacPatch

    v4 v5  
    3131
    3232Install the patch.[[BR]]
    33 Add the following to trac.ini's [wiki] section:[[BR]]
    34 authz_svn_module_name = tracwiki[[BR]]
    35 authorization_mode = require_all #(or 'require_one', or 'none' if you want RBAC disabled)[[BR]]
     33Add the following to trac.ini's [wiki] section:
     34{{{
     35authz_svn_module_name = tracwiki
     36authorization_mode = require_all
     37#authz_file = <path_to_some_authz_file> (optional)
     38}}}
    3639
     40=== Notes ===
     41The {{{authz_svn_module}}} directive specifies which subversion module to masquerade as. Recall that an authz section is of the form [ [module]:path ]. Leaving this empty is a bad idea.[[BR]]
     42The {{{authorization_mode}}}  option tells the wiki authorization subsystem how to behave. Since the module exposes an extension point, plugins can be written to provide other authorization methods -- specifically, those that are not based around Subversion's Authz file. A setting of {{{require_all}}} means that every authorizer must successfully authorize an operation in order for that operation to be authorized. In contrast, {{{require_one}}} (to be renamed to {{{require_any}}} needs at least one authorizer to approve an operation in order that operation be authorized. Not including this directive, or setting it to any other string (such as {{{none}}}) will result in the RBAC system being deactivated.[[BR]]
     43The {{{authz_file}}} option specifies a path to a file in authz format. This is intended to allow the wiki component to get its authorization from a different file than Subversion's authz, or to provide an authz file when Subversion is not being used.
    3744Just as an example, one might add to the subversion authz file (or set the authz_file directive in the wiki section to something appropriate):
    3845
    39 
    40 [groups][[BR]]
    41 example = mrfoo,mrsbaz[[BR]]
     46{{{
     47[groups]
     48example = mrfoo,mrsbaz
    4249losers = somedude
    4350
    44 [tracwiki:/][[BR]]
    45 * = r[[BR]]
    46 [tracwiki:/WikiStart][[BR]]
    47 @example = a #give admin permissions[[BR]]
    48 [tracwiki:/somepath/sample][[BR]]
    49 @losers = rwc #give the losers group permissions to read, edit, and create wiki pages.
     51[tracwiki:/]
     52* = r #give everyone read access
    5053
     54[tracwiki:/WikiStart]
     55@example = a #give admin permission to the example group.
     56
     57[tracwiki:/somepath/sample]
     58@losers = rwc #give the losers group authorization to read, edit, and create wiki pages.
     59}}}
    5160== Recent Changes ==
    5261