[Trac-dev] Re: [RFC] Attachment module permission handling

[Christian Boos]

osimons wrote:
> On Nov 15, 12:56 pm, Christian Boos <[EMAIL PROTECTED]> wrote:
>   
>> So what about something like that:
>>
>> class ILegacyAttachmentPolicyDelegate(Interface):
>>
>>     def check_attachment_permission(action, username, resource, perm):
>>         """Return the usual True/False/None security policy decision
>> appropriate for
>>             the requested action.
>>
>> -- Christian
>>     
>
> Beauty. That will do nicely. +1
>
>   

Can you please test that patch? (must be on top of r6159)

-- Christian

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac 
Development" group.
To post to this group, send email to trac-dev@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/trac-dev?hl=en
-~----------~----~----~----~------~----~------~--~---


diff -r 00aae733dce3 trac/attachment.py
--- a/trac/attachment.py        Thu Nov 15 16:42:35 2007 +0100
+++ b/trac/attachment.py        Thu Nov 15 16:49:42 2007 +0100
@@ -79,6 +79,26 @@ class IAttachmentManipulator(Interface):
         attachment. Therefore, a return value of `[]` means everything is
         OK."""
 
+class ILegacyAttachmentPolicyDelegate(Interface):
+    """Interface that can be used by plugins to seemlessly participate to the
+       legacy way of checking for attachment permissions.
+
+       This should no longer be necessary once it becomes easier to 
+       setup fine-grained permissions in the default permission store.
+    """
+
+    def check_attachment_permission(action, username, resource, perm):
+        """Return the usual True/False/None security policy decision
+           appropriate for the requested action on an attachment.
+
+            :param action: one of ATTACHEMENT_VIEW, ATTACHMENT_CREATE,
+                                  ATTACHMENT_DELETE
+            :param username: the user string
+            :param resource: the `Resource` for the attachment. Note that when
+                             ATTACHMENT_CREATE is checked, the resource `.id`
+                             will be `None`. 
+            :param perm: the permission cache for that username and resource
+            """
 
 
 class Attachment(object):
@@ -695,6 +715,8 @@ class LegacyAttachmentPolicy(Component):
 class LegacyAttachmentPolicy(Component):
 
     implements(IPermissionPolicy)
+    
+    delegates = ExtensionPoint(ILegacyAttachmentPolicyDelegate)
 
     # IPermissionPolicy methods
 
@@ -719,3 +741,9 @@ class LegacyAttachmentPolicy(Component):
                                    'access to %s. User needs %s' %
                                    (username, resource, legacy_action))
             return decision
+        else:
+            for d in self.delegates:
+                decision = d.check_attachment_permission(action, username,
+                        resource, perm)
+                if decision is not None:
+                    return decision