wiki:WikiRbacPatch

Version 4 (modified by puffy, 9 years ago) (diff)

--

Role-Based Access Control for the Trac Wiki

Description

WikiRBAC modifies the trac.wiki.web_ui component to enforce Role-Based Access Control. Roles are configured as groups within the subversion authz file and ACLs are specified identically to subversion permissions, with the addition of 'c', 'd', and 'a' options, which control creation, deletion, and administration permissions respectively.

This patch has been written against Trac v0.9.2. See also AuthzWebadminPlugin

Note

As of [382], with the exception of WIKI_ADMIN permissions, WikiRBAC can not increase a user's permissions. It can only limit them. That is, if user jru does not have WIKI_MODIFY permission, then telling WikiRBAC to let him modify some page or subwiki will not work. The user jru must have WIKI_MODIFY permission and WikiRBAC authorization in order to modify a page or subwiki.

Bugs/Feature Requests

Existing bugs and feature requests for WikiRbacPatch are here.

If you have any issues, create a new ticket.

Download

Download the zipped source from here.

Source

You can check out WikiRbacPatch from here using Subversion, or browse the source with Trac.

Example

Install the patch.
Add the following to trac.ini's [wiki] section:
authz_svn_module_name = tracwiki
authorization_mode = require_all #(or 'require_one', or 'none' if you want RBAC disabled)

Just as an example, one might add to the subversion authz file (or set the authz_file directive in the wiki section to something appropriate):

[groups]
example = mrfoo,mrsbaz
losers = somedude

[tracwiki:/]

  • = r

[tracwiki:/WikiStart]
@example = a #give admin permissions
[tracwiki:/somepath/sample]
@losers = rwc #give the losers group permissions to read, edit, and create wiki pages.

Recent Changes

[634] by puffy on 2006-04-09 21:08:54
WikiRbacPatch:

Integrate heinlein@…'s modifications (see ticket #221) to get WikiRBAC to apply on > 0.9.2.

[388] by puffy on 2006-01-20 20:41:21
WikiRbacPatch:

Fix the calling semantics on WikiAuthorizer so it takes a permission system rather than a request.

[382] by puffy on 2006-01-20 14:46:32
WikiRbacPatch:

Initial import of the WikiRBAC patch.

Author/Contributors

Author: puffy
Contributors:

TagIt(patch,puffy,alpha,unsupported,0.9)?