Hi,

After upgrading from 0.11 to 0.12 I actually spent a busy day
figuring out how to use the new way of fine-grained permission policy.
I ended up with some annoying and some actually scary results I'd like
to share. Mind that I could be wrong in how I used the new setup, so
please feel free to correct me or chase me away to the users group.

1.) Combining the authz file of svn access and Trac access will fail since
svn won't like ANY part of the Trac-specific definitions in the authz
files and will therefore break.
   -> Solution: two separate authz files, one for the SVN access rules
and one for the Trac rules. This means actually duplicating the user
and group definitions, but see 2.

2.) AFAICT fine-grained permission access
(tracopt.perm.authz_policy.*=true) is not group aware (see #4224). In
detail I found out that only anonymous and authenticated are recognised.
All other groups in the authz file are simply ignored. This makes it
very hard to use the fine-grained permissions in a proper way.

3.) The worst thing is that Trac will obey none of the svn permissions
given by the authz file that controls the svn access. Anybody with
BROWSER_VIEW will now be able to browse the WHOLE source tree
regardless of what the svn authz defines. In my case I had to take away
BROWSER_VIEW from all anonymous users (very irritating) just because I have
some private folders in the repo.

The worrying thing really is that I wasn't aware of problem 3.) and
only found out by accident. Such a change should have been announced in
BIG RED letters before the release and the inability to assign
permissions to groups (this worked before via authzgroups plugin)
should have been a BLOCKER for 0.12.

Maybe I've just done the configuration wrong and all the above items
can be handled (in that case I'm eager to learn how ;) ).

Regards,
HeX

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Development" group.
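
An added example, not part of the original message and not Trac code: a check that lists the paths in an svn authz file which anonymous users may not read, i.e. the folders that item 3 says become browsable when Trac does not apply that file. It assumes single-repository `[/path]` sections and looks only at the `*` entry (not `$anonymous`); the sample file and the function name are constructed for illustration.

```python
import configparser

# Constructed sample svn authz file (not from the original post).
SAMPLE_AUTHZ = """\
[groups]
devs = alice, bob

[/]
* = r

[/private]
* =
@devs = rw

[/private/keys]
alice = rw

[/docs]
@devs = rw
"""


def anonymous_denied_paths(authz_text):
    """Return sorted section paths that the svn rules do not let '*' read."""
    parser = configparser.RawConfigParser(delimiters=("=",))
    parser.optionxform = str  # keep user and group names case sensitive
    parser.read_string(authz_text)

    star = {}   # path -> access string of its '*' entry, if it has one
    paths = []
    for section in parser.sections():
        if section in ("groups", "aliases"):
            continue
        if not section.startswith("/"):
            # Assumption: only single-repository [/path] sections are handled.
            raise ValueError("unsupported section: [%s]" % section)
        path = section.rstrip("/") or "/"
        paths.append(path)
        if parser.has_option(section, "*"):
            star[path] = parser.get(section, "*").strip()

    def effective(path):
        # The nearest ancestor with a '*' entry decides; no entry means denied.
        while path not in star:
            if path == "/":
                return ""
            path = path.rsplit("/", 1)[0] or "/"
        return star[path]

    return sorted(p for p in paths if "r" not in effective(p))


if __name__ == "__main__":
    print(anonymous_denied_paths(SAMPLE_AUTHZ))
```

Any path it reports is one to test in the Trac source browser as an anonymous user before leaving BROWSER_VIEW granted to anonymous.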