On 5/29/07, solo turn <[EMAIL PROTECTED]> wrote:
>
> we experience as biggest problem that a user, without admin rights,
> and without access to the server cannot control the access. how could
> this security branch then help?
You could do it in many ways, the security merge simply gives plugin writers
the ability to create their own flexible security policy.
For your specific case, you could use something like the following (completely
untested, probably won't work, etc.). This should give you an idea of what to
do however.
class WikiContentACL(Component):
"""Use permissions embedded in Wiki pages in the form:
<perm>: <user> <user> ...
Where <perm> is one of the Wiki permissions.
"""
implements(IPermissionPolicy)
_perm_re =
re.compile(r'^\s*(WIKI_(?:ADMIN|CREATE|DELETE|MODIFY|VIEW)):\s*(.*)$',
re.M)
def check_permission(self, username, action, context):
if context.realm == 'wiki' and context.id:
# Original author always gets admin rights
original_page = WikiPage(self.env, context.id,
1)
if username == original_page.author:
return True
page = WikiPage(self.env, context.id,
context.version)
for permission, users in
self._perm_re.findall(page.text):
users = users.split()
if username in users:
permissions =
PermissionSystem(self.env).expand_actions([permission])
if action in permissions:
return True
return None
--
Evolution: Taking care of those too stupid to take care of themselves.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en
-~----------~----~----~----~------~----~------~--~---
