| | 12 | Syntax: {{{ (action_name) = enabled|disabled }}}, where: |
| | 13 | * (action_name): The action/permission you want to add. Will auto capitalized in Trac. |
| | 14 | * enabled|disabled: If the action is enabled/disabled. |
| | 15 | |
| | 16 | Examples: |
| | 17 | {{{ |
| | 18 | [configuratable-permission] |
| | 19 | view_bug_ticket = enabled |
| | 20 | view_bug_wiki = enabled |
| | 21 | }}} |
| | 22 | |
| | 23 | === Custom permission rules/policy |
| | 24 | Supports for adding custom permission rules to ticket and wiki system. |
| | 25 | |
| | 26 | To enable this function, first add 'ConfigurablePermissionPolicy' to {{{permission_policies}}} option, prior to DefaultPermissionPolicy recommanded. |
| | 27 | {{{ |
| | 28 | [trac] |
| | 29 | permission_policies = ConfigurablePermissionPolicy,ReadonlyWikiPolicy,DefaultPermissionPolicy,LegacyAttachmentPolicy |
| | 30 | }}} |
| | 31 | |
| | 32 | Syntax for a custom permission rule:{{{(rule_name) = ticket|wiki, (action), (matching_condition), (permission), (result)}}}, where: |
| | 33 | * (rule_name): The rule name, which does not really affect the function of rule. However the trac will auto sort the trac.ini, and order of rules matters, so the naming should consider sorting. |
| | 34 | * ticket|wiki: Whether the rule applies to ticket system or wiki system. |
| | 35 | * (action): What action triggers the rule. Can be set to empty or '*' to match all actions, or set to a specific action such as 'TICKET_VIEW' |
| | 36 | * (matching_condition): Only those objects that match the conditions apply to the rule. |
| | 37 | * for ticket permission rule, it can be set to empty or '*' to match all tickets, or set to a query such as 'type=bug' |
| | 38 | * for wiki permission rule, it matches the name of wiki |
| | 39 | * (permission): Those users with given permission applies to the rule. Can be set to empty or '*' which means everyone. Can be used with custom permission mentioned above, such as 'VIEW_BUG_TICKET' |
| | 40 | * (result): What will the permission system do to matched objects, can be one of the following values: |
| | 41 | * allow: Explicitly allow this action, no further policy group will be applied. |
| | 42 | * allow-only: Explicitly allow this action, and deny all other users without the given permission. No further policy group will be applied. |
| | 43 | * deny: Explicitly deny this action, No further policy group will be applied. |
| | 44 | * pass: Leave this action to further policy groups, such as DefaultPermissionPolicy. Recommanded against 'allow'. |
| | 45 | * pass-only: Leave this action to further policy groups, such as DefaultPermissionPolicy, and deny all other users without the given permission. Recommanded against 'allow-only'. |
| | 46 | |
| | 47 | Examples: |
| | 48 | {{{ |
| | 49 | [configuratable-permission-rules] |
| | 50 | view_bug = ticket, TICKET_VIEW, type=bug, VIEW_BUG_TICKET, pass-only |
| | 51 | }}} |
| | 52 | This rule reads: 'Pass user with VIEW_BUG_TICKET permission for viewing tickets that matches type=bug, and deny those users without VIEW_BUG_TICKET permission' |
| | 53 | This rule is equivalent to: |
| | 54 | {{{ |
| | 55 | view_bug1 = ticket, TICKET_VIEW, type=bug, *, deny |
| | 56 | view_bug2 = ticket, TICKET_VIEW, type=bug, VIEW_BUG_TICKET, pass |
| | 57 | }}} |
| | 58 | |
| | 59 | {{{ |
| | 60 | [configuratable-permission-rules] |
| | 61 | view_feature_wiki = wiki, *, Feature, VIEW_BUG_WIKI, deny |
| | 62 | }}} |
| | 63 | This rule reads: 'Deny all user with VIEW_BUG_WIKI permission for all actions to wiki naming Feature' |
