Changes between Version 9 and Version 10 of TracConfigurablePermissionPlugin


Ignore:
Timestamp:
Jan 15, 2018, 10:03:20 PM (6 years ago)
Author:
figaro
Comment:

Cosmetic changes

Legend:

Unmodified
Added
Removed
Modified

  • TracConfigurablePermissionPlugin

    v9 v10  
    11[[PageOutline(2-5,Contents,pullout)]]
    22
    3 = TracConfigurablePermissionPlugin
     3= Configure permissions on tickets and wiki pages
     4
    45{{{#!box info
    5 NOT FULLY TESTED, USE WITH CAUTION!!
     6'''Caution''': this plugin has not been fully tested, please proceed with caution!
    67}}}
    78
    89== Description
    910
    10 This plugin provides configurable and powerful permission control to ticket and wiki system.
     11This plugin provides configurable and powerful permission control to Trac's ticket and wiki system.
    1112
    1213=== Custom Actions/Permissions
     14
    1315Supports for adding custom actions and permissions in trac.ini section {{{configurable-permission}}}.
    1416
    15 Syntax: {{{ (action_name) = enabled|disabled }}}, where:
    16  * (action_name): The action/permission you want to add. Will auto capitalized in Trac.
    17  * enabled|disabled: If the action is enabled/disabled.
     17Syntax: {{{(action_name) = enabled|disabled}}}, where:
     18 * (action_name): The action/permission you want to add. Will be auto capitalized in Trac.
     19 * enabled|disabled: Whether the action is enabled/disabled.
    1820
    1921Examples:
    20 {{{
     22{{{#!ini
    2123[configurable-permission]
    2224view_bug_ticket = enabled
     
    2527
    2628=== Custom permission rules/policy
    27 Supports for adding custom permission rules to ticket and wiki system.
    2829
    29 To enable this function, first add 'ConfigurablePermissionPolicy' to {{{permission_policies}}} option, prior to DefaultPermissionPolicy recommanded.
    30 {{{
     30Supports for adding custom permission rules to ticket and wiki system. This plugin would be useful in circumstances where more fine-grained control over what users can and cannot do to tickets or wiki pages is required.
     31
     32To enable this function, first add 'ConfigurablePermissionPolicy' to {{{permission_policies}}} option, and preferably prior to DefaultPermissionPolicy.
     33{{{#!ini
    3134[trac]
    3235permission_policies = ConfigurablePermissionPolicy,ReadonlyWikiPolicy,DefaultPermissionPolicy,LegacyAttachmentPolicy
    3336}}}
    3437
    35 Syntax for a custom permission rule:{{{(rule_name) = ticket|wiki, (action), (matching_condition), (permission), (result)}}}, where:
    36  * (rule_name): The rule name, which does not really affect the function of rule. However the trac will auto sort the trac.ini, and order of rules matters, so the naming should consider sorting.
    37  * ticket|wiki: Whether the rule applies to ticket system or wiki system.
    38  * (action): What action triggers the rule. Can be set to empty or '*' to match all actions, or set to a specific action such as 'TICKET_VIEW'
    39  * (matching_condition): Only those objects that match the conditions apply to the rule.
    40   * for ticket permission rule, it can be set to empty or '*' to match all tickets, or set to a query such as 'type=bug'
    41   * for wiki permission rule, it matches the name of wiki
    42  * (permission): Those users with given permission applies to the rule. Can be set to empty or '*' which means everyone. Can be used with custom permission mentioned above, such as 'VIEW_BUG_TICKET'
    43  * (result): What will the permission system do to matched objects, can be one of the following values:
    44   * allow: Explicitly allow this action, no further policy group will be applied.
    45   * allow-only: Explicitly allow this action, and deny all other users without the given permission. No further policy group will be applied.
    46   * deny: Explicitly deny this action, No further policy group will be applied.
    47   * pass: Leave this action to further policy groups, such as DefaultPermissionPolicy. Recommanded against 'allow'.
    48   * pass-only:  Leave this action to further policy groups, such as DefaultPermissionPolicy, and deny all other users without the given permission. Recommanded against 'allow-only'.
     38Syntax for a custom permission rule: {{{(rule_name) = ticket|wiki, (action), (matching_condition), (permission), (result)}}}, where:
     39 * `(rule_name)`: The rule name, which does not really affect the function of the rule. However, Trac will auto sort the trac.ini, and the order of rules matters, so the naming should consider sorting.
     40 * `ticket|wiki`: Whether the rule applies to tickets or the wiki.
     41 * `(action)`: What action triggers the rule. Can be set to empty or '*' to match all actions, or set to a specific action such as `TICKET_VIEW`.
     42 * `(matching_condition)`: Only those objects that match the conditions apply to the rule.
     43  * for ticket permission rule, it can be set to empty or '*' to match all tickets, or set to a query such as 'type=bug'.
     44  * for wiki permission rule, it matches the name of the wiki page.
     45 * `(permission)`: Those users with given permission applies to the rule. Can be set to empty or '*' which means everyone. Can be used with custom permission mentioned above, such as `VIEW_BUG_TICKET`.
     46 * `(result)`: What will the permission system do to matched objects, can be one of the following values:
     47  * `allow`: Explicitly allow this action, no further policy group will be applied.
     48  * `allow-only`: Explicitly allow this action, and deny all other users without the given permission. No further policy group will be applied.
     49  * `deny`: Explicitly deny this action, No further policy group will be applied.
     50  * `pass`: Leave this action to further policy groups, such as DefaultPermissionPolicy. Recommended against 'allow'.
     51  * `pass-only`: Leave this action to further policy groups, such as DefaultPermissionPolicy, and deny all other users without the given permission. Recommended against 'allow-only'.
    4952
    50 Example 1:
    51 {{{
     53'''Example 1''':
     54{{{#!ini
    5255[configurable-permission-rules]
    5356view_bug = ticket, TICKET_VIEW, type=bug, VIEW_BUG_TICKET, pass-only
    5457}}}
    55 This rule reads: 'Pass user with VIEW_BUG_TICKET permission for viewing tickets that matches type=bug, and deny those users without VIEW_BUG_TICKET permission'
     58This rule reads: Pass user with `VIEW_BUG_TICKET` permission for viewing tickets that matches type=bug, and deny those users without `VIEW_BUG_TICKET` permission.
    5659This rule is equivalent to:
    5760{{{
     
    5962view_bug2 = ticket, TICKET_VIEW, type=bug, VIEW_BUG_TICKET, pass
    6063}}}
    61 Important: the order of rules matters. Trac will auto sort trac.ini options according to option names, so make sure your rule name implies a correct order.
     64Important: the order of rules matters. Trac will auto sort the trac.ini options according to option names, so make sure your rule name implies a correct order.
    6265
    63 Example 2:
    64 {{{
     66'''Example 2''':
     67{{{#!ini
    6568[configurable-permission-rules]
    6669view_feature_wiki = wiki, *, Feature, VIEW_BUG_WIKI, deny
    6770}}}
    68 This rule reads: 'Deny all user with VIEW_BUG_WIKI permission for all actions to wiki naming Feature'
     71This rule reads: Deny all user with `VIEW_BUG_WIKI` permission for all actions to wiki naming feature.
    6972
    70 Example 3:
    71 {{{
     73'''Example 3''':
     74{{{#!ini
    7275[configurable-permission-rules]
    7376owner_edit_only = ticket, TICKET_EDIT, owner=$OWNER, *, allow-only
    7477}}}
    75 This rule reads: 'Only the owner of ticket can modify it.'
     78This rule reads: Only the owner of the ticket can modify it.
    7679
    7780== !Bugs/Feature Requests