Ok, that works :)
One final thing - is there a way (using PermissionCache) to check
whether a user simply has *any* permissions in a project? (As opposed to
a specific permission).
Thanks
- Josh
On 19/4/2010 4:06 PM, Noah Kantrowitz wrote:
req.environ['REMOTE_USER'] should work just fine AFAIK (it will be blank if the user
didn't provide HTTP auth information. You can use that to create a PermissionCache object
for the user against each env and then check for a permission. Not the easiest thing in
the world, but it works. This is similar to what the tracforge project list does, it just
does it in the context of a "root project" for a first pass (and then checks
sub-env permissions).
--Noah
On Apr 18, 2010, at 9:11 PM, Josh Godsiff wrote:
Ok, but assuming we went down that route, I don't quite see how that side-steps
the need to validate users against whether they have permissions with a
particular Trac instance. Currently, we're validating against the root, and
then if a user tries to access a project they're not a part of, they simply get
a error telling them they don't have WHATEVER_VIEW permissions for that project.
Ideally, we'd have some central database containing usernames and
project-access permissions, but the fact that each Trac instance has it's own
DB, and that those DBs doesn't actually contain much in the way of user-data
makes that solution something of a PITA.
Is it possible to access any of the information Apache/Mod Python passes in
within the 'send_project_index' context. (i.e. the username). If that is, it'd
be fairly trivial to filter based on whether such-and-such a username has an
entry in a particular project.
On 19/4/2010 1:25 PM, Noah Kantrowitz wrote:
The problem is Trac sessions are unique to an instance, so they don't work
outside that context. If you are just requiring HTTP login on the base URL, you
might be able to do something very custom, but it is probably just easier to
grab your favorite webapp framework and write something in that.
--Noah
On Apr 18, 2010, at 5:55 PM, Josh Godsiff wrote:
Is there no way to retrieve the permissions from within that context? The code
in that section suggests each enviroment is instantiated in order to pull data
from it. Or am I looking at this from the wrong side, and it's the
authentication information that is unavailable, and not the permissions
themselves?
We'd like to avoid setting up some sort of 'main' Trac instance, if possible,
since our eventual aim is to do some fairly complicated and involved things
which I imagine would be quite painful/cludgy to shoehorn into Trac's
individual Project system.
Thanks
- Josh
On 16/4/2010 5:38 PM, Itamar O wrote:
Maybe you can set up a "main company Trac site"
that will function as a "gateway" for clients.
In the main Trac you can build custom lists of projects
linking the their respective Trac sites, and assign permissions
to the lists to your clients (using e.g. [1]).
If you're looking for something fancier, you can probably write
your own plugin (macro?) in that main Trac site that will generate
the project list dynamically based on authenticated user permissions.
Your list-generating plugin can use the XmlRpcPlugin [2] to iterate
over the available Trac sites, and check permissions against them.
Itamar.
[1] http://trac-hacks.org/wiki/PrivateWikiPlugin
[2] http://trac-hacks.org/wiki/XmlRpcPlugin
On Fri, Apr 16, 2010 at 9:02 AM, Noah Kantrowitz<[email protected]> wrote:
The project index exists outside of the context of an actual Trac, so nothing
that fancy exists. I think I got the TracForge subproject thingy working in
0.11, so I suppose thats an option. Beyond that, you would have to build your
own little webapp for this.
--Noah
On Apr 15, 2010, at 6:43 PM, Josh Godsiff wrote:
My company is working on extending the functionality of Trac so we can use it
as a bug-tracking system for out clients' problems (as opposed to just our
internal tracker).
We'd like to extend the Project Index page to show all the projects for which a
particular user (authenticated using the usual Apache-based authentication
mechanisms) has any permissions to view.
Can anyone suggest a good solution for handling this? I've tried testing
against req.perm and req.authname in the 'send_project_index' function of
/web/main.py, however, neither of these variables apparently exist in this
context, and I don't know enough about Trac's inner workings to troubleshoot
that.
Thanks
- Josh
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
