IndexError: list index out of range

[ntmlod]

I got this error when I browse to the authz permissions page just after installation

File "/usr/lib/python2.7/site-packages/trac/web/main.py", line 497, in _dispatch_request
  dispatcher.dispatch(req)
File "/usr/lib/python2.7/site-packages/trac/web/main.py", line 214, in dispatch
  resp = chosen_handler.process_request(req)
File "/usr/lib/python2.7/site-packages/trac/admin/web_ui.py", line 125, in process_request
  path_info)
File "build/bdist.linux-x86_64/egg/page_authz_policy_editor/pape_admin.py", line 58, in render_admin_panel
  group_details = self._get_groups_and_members()
File "build/bdist.linux-x86_64/egg/page_authz_policy_editor/pape_admin.py", line 138, in _get_groups_and_members
  group_members = group_line.split(':', 2)[1].split(' ')

I modified the script to parse with the good delimiters

group_name = group_line.split('=', 1)[0]
group_members = group_line.split('=', 1)[1].split(',')

Not better.

My authz file seems to be fine as it is handled by Trac and another plugin wiki:TracSvnAuthzPlugin.

[Ryan J Ollos]

The authz file should be specified in the [authz_policy] authz_file option. I suspect you have specified an authz file in the [htgroups] group_file option. That option is used for an ​htgroup file, which does have a colon delimiter.

[Ryan J Ollos]

In 17347:

0.12.1dev: Improve error checking for empty option

Refs #13538.

[Ryan J Ollos]

In 17348:

0.12.1dev: Require min Trac version

Refs #13538.

[ntmlod]

In fact, the same file is referenced three times in the Trac configuration but not in a [htgroups] section:

[account-manager]
group_file = /path/to/svn/conf/authz_trac

[authz_policy]
authz_file = /path/to/svn/conf/authz_trac

[trac]
authz_file = /path/to/svn/conf/authz_trac

The plugin updated, I got the same error.

[Ryan J Ollos]

Please remove the [account-manager] group_file option.

The [trac] authz_file option is for a Subversion authz file for fine-grained access control to the repository. This is a Subversion feature that Trac utilizes. You should also remove that option.

The [authz_policy] authz_file option is for the TracFineGrainedPermissions file, for access control of all Trac realms.

I'll circle back and try to improve the FineGrainedPageAuthzEditorPlugin#FileLocations documentation.

[ntmlod]

Thanks for the explanation, I was a bit puzzled by the several references to authz and wondered why having different options.
I cleaned trac.ini and got back to the initial error just after the installation: it complains about the missing of a group file which seems to be inescapable as the code stands now.

More generally, I ask myself if I follow the good way in order to manage the different groups by centralizing all configurations in one file (groups, Trac and SVN).

What about having 3 different files with the following trac.ini

[account-manager]
group_file = /path/to/group_file
(`[groups]` section in `htgroup` syntax: colon with space delimiter)

[authz_policy]
authz_file = /path/to/trac/authzpolicy.conf
(Trac global permissions with [*] section)

[trac]
authz_file = /path/to/svn/conf/authz
(SVN authorizations with [/] section)

Does it seems feasible? Do you recommend something else?

[Edit] I forgot to mention that I want to delegate the management of groups and so the access of the group file.
I think I would at least to have in the same authz file the groups definition followed by SVN per-path authorizations.

[ntmlod]

I thought I could use this plugin without a proper group_file and then after I tried to get this working with a group_file in the wrong authz syntax (Trac style instead of Apache style).

[Ryan J Ollos]

Replying to ntmlod:

I cleaned trac.ini and got back to the initial error just after the installation: it complains about the missing of a group file which seems to be inescapable as the code stands now.

Confirmed. However, I think it should work fine with no group file if we just remove the error checking, which I will do in the next commit.

[Ryan J Ollos]

In 17399:

0.12.1dev: Make the group_file optional

Refs #13538.

[Ryan J Ollos]

Replying to ntmlod:

More generally, I ask myself if I follow the good way in order to manage the different groups by centralizing all configurations in one file (groups, Trac and SVN).

What about having 3 different files with the following trac.ini

[account-manager]
group_file = /path/to/group_file
(`[groups]` section in `htgroup` syntax: colon with space delimiter)

[authz_policy]
authz_file = /path/to/trac/authzpolicy.conf
(Trac global permissions with [*] section)

[trac]
authz_file = /path/to/svn/conf/authz
(SVN authorizations with [/] section)

Does it seems feasible? Do you recommend something else?

That looks fine, and I think you should be able to skip using the group_file now, if you want.

[Edit] I forgot to mention that I want to delegate the management of groups and so the access of the group file.
I think I would at least to have in the same authz file the groups definition followed by SVN per-path authorizations.

I haven't worked with Apache group file syntax much. I agree it's confusing how the 3 files are applied to Trac permissions. If you still have questions, please post to the ​MailingList and we can try to get it sorted out.