FineGrainedPermissions, FineGrainedPageAuthzEditorPlugin and HtGroupEditorPlugin troubles
33 views
Skip to first unread message
Joost Kraaijeveld
Nov 10, 2013, 7:48:37 AM11/10/13
to trac-...@googlegroups.com
Hi,
I am having troubles configuring FineGrainedPermissions in Trac. I have
tried configuring it manually, using an authzpolicy.conf with he
following content:
[wiki:*]
[wiki:WikiStart*]
[wiki:WikiStart@*]
[wiki:WikiStart]
jkr = WIKI_VIEW
* = !WIKI_VIEW
I expected that jkr could see the WikiStart and nobody else. But
everyone can see it, it looks as if the conf file is ignored. The
trac.log file shows the following when I access Trac with an anonymous
user:
root@panoramix:/var/lib/trac/testtrac/log# tail -f trac.log | egrep '\[perm\]|\[authz_policy\]' | grep WikiStart
2013-11-10 13:37:05,016 Trac[authz_policy] DEBUG: Checking WIKI_VIEW on wiki:WikiStart@*
2013-11-10 13:37:05,025 Trac[authz_policy] DEBUG: Checking ATTACHMENT_CREATE on wiki:WikiStart@*/attachment:*@*
2013-11-10 13:37:05,025 Trac[authz_policy] DEBUG: Checking WIKI_MODIFY on wiki:WikiStart@*
2013-11-10 13:37:05,025 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_MODIFY on <Resource u'wiki:WikiStart'>
2013-11-10 13:37:05,025 Trac[perm] DEBUG: LegacyAttachmentPolicy denies anonymous performing ATTACHMENT_CREATE on <Resource u'wiki:WikiStart, attachment'>
2013-11-10 13:37:05,041 Trac[authz_policy] DEBUG: Checking WIKI_ADMIN on wiki:WikiStart@*
2013-11-10 13:37:05,041 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_ADMIN on <Resource u'wiki:WikiStart'>
2013-11-10 13:37:05,063 Trac[authz_policy] DEBUG: Checking WIKI_DELETE on wiki:WikiStart@*
2013-11-10 13:37:05,063 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_DELETE on <Resource u'wiki:WikiStart'>
2013-11-10 13:37:05,063 Trac[authz_policy] DEBUG: Checking WIKI_RENAME on wiki:WikiStart@*
2013-11-10 13:37:05,063 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_RENAME on <Resource u'wiki:WikiStart'>
I also have the FineGrainedPageAuthzEditorPlugin installed. It does not
not show the contents of my authzpolicy.conf . Entering the text above
leads to an Oops:
Trac detected an internal error:
TypeError: coercing to Unicode: need string or buffer, NoneType found
And my last problem is the groups file. What is the syntax of that file?
Is there a working example available?
I have the HtGroupEditorPlugin installed, but if I use the following as
content, it refuses to read the file and gives me an error:
[groups]
admins = jkr
devs = jkr
And the error is:
Trac detected an internal error:
IndexError: list index out of range
Anyone any idea how I could sole thsi?
TIA
Joost
I am having troubles configuring FineGrainedPermissions in Trac. I have
tried configuring it manually, using an authzpolicy.conf with he
following content:
[wiki:*]
[wiki:WikiStart*]
[wiki:WikiStart@*]
[wiki:WikiStart]
jkr = WIKI_VIEW
* = !WIKI_VIEW
I expected that jkr could see the WikiStart and nobody else. But
everyone can see it, it looks as if the conf file is ignored. The
trac.log file shows the following when I access Trac with an anonymous
user:
root@panoramix:/var/lib/trac/testtrac/log# tail -f trac.log | egrep '\[perm\]|\[authz_policy\]' | grep WikiStart
2013-11-10 13:37:05,016 Trac[authz_policy] DEBUG: Checking WIKI_VIEW on wiki:WikiStart@*
2013-11-10 13:37:05,025 Trac[authz_policy] DEBUG: Checking ATTACHMENT_CREATE on wiki:WikiStart@*/attachment:*@*
2013-11-10 13:37:05,025 Trac[authz_policy] DEBUG: Checking WIKI_MODIFY on wiki:WikiStart@*
2013-11-10 13:37:05,025 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_MODIFY on <Resource u'wiki:WikiStart'>
2013-11-10 13:37:05,025 Trac[perm] DEBUG: LegacyAttachmentPolicy denies anonymous performing ATTACHMENT_CREATE on <Resource u'wiki:WikiStart, attachment'>
2013-11-10 13:37:05,041 Trac[authz_policy] DEBUG: Checking WIKI_ADMIN on wiki:WikiStart@*
2013-11-10 13:37:05,041 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_ADMIN on <Resource u'wiki:WikiStart'>
2013-11-10 13:37:05,063 Trac[authz_policy] DEBUG: Checking WIKI_DELETE on wiki:WikiStart@*
2013-11-10 13:37:05,063 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_DELETE on <Resource u'wiki:WikiStart'>
2013-11-10 13:37:05,063 Trac[authz_policy] DEBUG: Checking WIKI_RENAME on wiki:WikiStart@*
2013-11-10 13:37:05,063 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_RENAME on <Resource u'wiki:WikiStart'>
I also have the FineGrainedPageAuthzEditorPlugin installed. It does not
not show the contents of my authzpolicy.conf . Entering the text above
leads to an Oops:
Trac detected an internal error:
TypeError: coercing to Unicode: need string or buffer, NoneType found
And my last problem is the groups file. What is the syntax of that file?
Is there a working example available?
I have the HtGroupEditorPlugin installed, but if I use the following as
content, it refuses to read the file and gives me an error:
[groups]
admins = jkr
devs = jkr
And the error is:
Trac detected an internal error:
IndexError: list index out of range
Anyone any idea how I could sole thsi?
TIA
Joost
RjOllos
Nov 11, 2013, 5:24:40 AM11/11/13
to trac-...@googlegroups.com
Have you followed all of the steps at?:
You'll need to enable the plugin, add the permission policy, install the ConfigObj package and add the `authz_file` configuration directive to trac.ini.
What version of Trac are you running? There have been several improvements to handling error conditions in the configuration of TracFineGrainedPermissions on 1.0-stable, but they haven't been packages in a formal release yet.
I also have the FineGrainedPageAuthzEditorPlugin installed. It does not
not show the contents of my authzpolicy.conf . Entering the text above
leads to an Oops:
Trac detected an internal error:
TypeError: coercing to Unicode: need string or buffer, NoneType found
FineGrainedPageAuthzEditorPlugin doesn't handle conditions well when TracFineGrainedPermissions is not properly configured. I'll take a look at improving it. The ideas in ticket #11172 may eventually help you:
And my last problem is the groups file. What is the syntax of that file?
Is there a working example available?
I don't have any experience with the groups file, but you'll probably want to consult the Apache documentation. I'm not certain this is the correct page, but it looks right to me:
Reply all
Reply to author
Forward
0 new messages