Hello, at first, sorry if this post is offtopic here, since I'm not a trac developer, but only try to develop a plugin for trac and I cant find a better place.
I try to develop a plugin that enables trac to lookup system groups, when trac tries to get groups of a trac user (to match them with trac permission groups). Unfortunately I'm not very involved in apache-python web development within Trac. Still, I wrote a tiny plugin http://trac-hacks.org/browser/tracsysgroupsplugin/0.11/trunk/sysgroups/sysgroups.py #############code####### import pwd, grp from trac.core import * from trac.config import * from trac.perm import IPermissionGroupProvider __all__ = ['SysGroups'] class SysGroups(Component): implements(IPermissionGroupProvider) # IPermissionGroupProvider interface method def get_permission_groups(self, username): groups = [] for p in grp.getgrall(): if username in p[3] : groups.append(p[0]) self.env.log.debug('sysgroups found for %s = %s' % (username, ','.join(groups))) return groups #############code####### to accomplish lookup of systemgroups instead of default use the trac.perm.DefaultPermissionGroupProvider. The resulting behavior is realy strange (for me). My general basic autentication is done by apache modules mod-auth-pam and mod-auth-sys-groups, this works fine. I have 3 different Tac (0.11.1) projects hosted on a apache 2.2/linux virtual hosts ssl configuration. If I logon as a valid pam user with valid systemgroup after a apache startup, everything seems to work (apache auth, lookup of systemgroups, trac gives right permissions. ). But now it comes : if I try to call the second Trac project on the server in my webbrowser, I will be asked vor my credentials again and basic /pam auth works fine, again. But out of a reason, I dont understand, my sysgroups plugin doesnt work in trac anymore. I dont arive on the first site of the selected project, but get this error : Error: Forbidden WIKI_VIEW privileges are required to perform this operation on WikiStart obviously, I havn't got no permissions. (I completly removed anonymous and authenticated in favour of my sysgroups) It seems to my like a serversided problem, because doing anything of : - restart browser / try an other browser - try an other valid user wont help. Only if I restart apache, I can log into any project the fist time for one time, but changing project again will show same behavior (for all valid users). My first idea was, that there is some problem with permission caching within DefaultPermissionStore component, but I cant figure it out. I use different basic realms for all prjects and when I change to a second trac project in my webbrowser, I get asked for my credential again, apache says "ok" but trac doesnt seem to evaluate user group memberships in this case. If anybody has an idea, where to start poking around, I woul be happy ! Best regards Peter --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
