[Trac-dev] Developing a "superuser" simple plugin

Thu, 26 Jul 2007 05:44:23 -0700 

Hi, 

I'm working on a small plugin for Trac. We user AccountManager and an
external htusers.digest file for storing users and passwords for all
available projects.

I want to have an 'admin' superuser which has TRAC_ADMIN permissions
without having to give the permission in every existing project.

This is my approach. I'm creating a plugin that implements
IPermissionStore. I want my plugin to replace the current
PermissionStore (set on trac.ini), whatever it is. All methods in my
permission store call the previous permission store methods, except for
get_user_permissions(), where I check if the username is 'admin', then
always return 'TRAC_ADMIN'. Also, in get_all_permissions(), I add the
tuple ('admin', 'TRAC_ADMIN') to the permissions list.

In the __init__ method I try to save the previous PermissionStore, and
set a new one in PermissionSystem.store, but apparently it doesn't
work. 

Summary:

1. In trac.ini, permission_store = DefaultPermissionStore (or any
others, not my own PermissionStore)
2. When my plugin loads, save PermissionSystem.store as old_store, and
set my own PermissionStore (SuperUserPlugin) which will wrap the current
store methods.
3. When IPermissionStore methods are called, my wrapper will invoke the
old_store methods after checking some conditions.

Problem is: Apparently, the plugin is loaded and active

The code for the plugin is:

-------------- Begin code ------------------

class SuperUserPlugin(Component):
    """ Adds a superuser with TRAC_ADMIN permissions """
    implements(IPermissionStore)
    
    def __init__(self):

        #Replace current PermissionStore
        perm_system = PermissionSystem(self.env)
        self.default_store = getattr(perm_system,'store')
        setattr(perm_system, 'store', self)

        #The following will fail with "Attribute can't be set"
        #perm_system.store = self

    def get_user_permissions(self, username):
        if username == 'admin':
            return ['TRAC_ADMIN']
        return self.default_store.get_user_permissions(username)
        
    def get_all_permissions(self):
        return self.default_store.get_all_permissions() \
            + ('admin', 'TRAC_ADMIN')
        
    def grant_permission(self, username, action):
        return self.default_store.grant_permission(username, action)
        
    def revoke_permission(self, username, action):
        return self.default_store.revoke_permission(username, action)

-------------- End code ------------------

Thanks very much, any help will be appreciated.

-- 
--------------------------------------

        Álvaro J. Iradier Muro
     [EMAIL PROTECTED]

   AM&B - Dept. de Desarrollo e I+D

Attachment: signature.asc
Description: Esta parte del mensaje está firmada digitalmente

Reply via email to