On Sat, Apr 15, 2006 at 07:22:47AM +0200, solo turn wrote: > i think this is one of the best things what happened to trac recently. > thanks a lot! most valuable for us are negative permissions/denials, > as we just have a few pages which should not be seen by everybody.
Thanks, but don't get too excited just yet :). This is just an RFC. > the only thing which might need a little thinking is: how to use it in > a user friendly way. an example: > * i am not administrator > * i create a new wiki page > * i want to make it readable only for a group of people > * i want to create this group Yeah, I'm not quite sure how to handle this yet, it will probably need some thought as you say. A permission editing interface powerful enough to handle all scenarios would probably be quite complex, so putting it in the wiki/ticket/browser pages is probably not the best idea. > just to make sure as i could not judge it out of the code (searched > for "search"): > if i deny access to a wiki page to everybody, does it show up in the > search result? It does indeed. It also filters the timeline. I haven't updated the built-in macros like TitleIndex yet but they can easily be made to adhere to the new permission system. If you are concerned about security you'd have to ensure any plugins or macros you include don't bypass the new style permissions and allow inclusion of arbitrary pages, etc. Plugins like the Blog plugin, TOC, Tags, etc. would have this problem. PS. There's a new version of the patch up with some bugfixes. -- Evolution: Taking care of those too stupid to take care of themselves. _______________________________________________ Trac-dev mailing list [email protected] http://lists.edgewall.com/mailman/listinfo/trac-dev
