#654: Fine grained permissions for Wiki pages
-------------------------+--------------------------------------------------
Reporter: MishaS | Owner: utopiste
Type: enhancement | Status: assigned
Priority: normal | Milestone:
Component: wiki | Version: 0.7.1
Severity: normal | Resolution:
Keywords: authz |
-------------------------+--------------------------------------------------
Comment (by dcrosta):

as observed above, the ACLs in MoinMoin are quite powerful, but sometimes
confusing. moreover, the text-based ACLs mixed in with the wiki page
itself is confusing, and not necessary considering that Trac uses a
relational data store rather than a single flat text file for each wiki
page. i'm imagining something like this:

 1. store ACLs as a separate table, which references a role name (a
    'group', a user, or 'anonymous' or 'authorized') and a wiki page, and
    also the permission (view, edit, delete) and sense (allowed or denied)
 1. evaluate ACLs with this precedence: username, groups, specials (anon
    or auth), and when there's a conflict with several groups having differing
    permissions, take the most permissive (this is debatable, but i think the
    most permissive makes most sense)
 1. when no rule matches (wiki page, user, action), fall back on the
    global rules as set through `trac-admin`

unfortunately, this places some of the access control out of the scope of
what the webadmin plugin can currently handle... there'd need to be
improvements in that interface as well as an interface in the wiki pages
themselves to control this

the interface in the wiki page could list each user/group for which a rule
is defined, and allow the user to select the sense for each action --
allowed, denied or no rule.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/654>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
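
The evaluation order proposed in the comment above (username, then groups, then specials, most permissive within a tier, global rules as fallback), as an added example that is not code from Trac or from the ticket's participants. The table and column names, the `kind` column that keeps a user name from matching a group rule, the `check` function, the sample rules, and the set standing in for the `trac-admin` global permissions are all assumptions; a logged-in user is assumed to match only 'authorized' and a visitor only 'anonymous'.

```python
import sqlite3

# Constructed sample rules: (page, kind, role, action, allowed)
RULES = [
    ("SecretPlans", "user", "alice", "view", 1),
    ("SecretPlans", "group", "staff", "view", 0),
    ("SecretPlans", "group", "staff", "edit", 0),
    ("SecretPlans", "group", "leads", "edit", 1),
    ("SecretPlans", "special", "anonymous", "view", 0),
]
GLOBAL = {"view"}  # stand-in for the actions granted globally via trac-admin

def make_db(rules):
    """Create the separate ACL table (hypothetical schema) and load rules."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wiki_acl (page TEXT, kind TEXT, role TEXT, "
               "action TEXT, allowed INTEGER, "
               "UNIQUE (page, kind, role, action))")
    db.executemany("INSERT INTO wiki_acl VALUES (?, ?, ?, ?, ?)", rules)
    return db

def check(db, page, action, user, groups, global_perms):
    """True if `user` (None for an anonymous visitor) may do `action`."""
    special = "authorized" if user else "anonymous"
    # Tiers in precedence order; the first tier with a matching rule decides.
    tiers = [("user", [user] if user else []),
             ("group", sorted(groups)),
             ("special", [special])]
    for kind, roles in tiers:
        if not roles:
            continue
        marks = ",".join("?" * len(roles))  # placeholders only, no user data
        rows = db.execute(
            "SELECT allowed FROM wiki_acl WHERE page = ? AND action = ? "
            f"AND kind = ? AND role IN ({marks})",
            [page, action, kind, *roles]).fetchall()
        if rows:
            # Several groups may disagree: the most permissive rule wins.
            return any(allowed for (allowed,) in rows)
    # No (page, role, action) rule matched: fall back to the global rules.
    return action in global_perms
```

Because the first matching tier decides, a group-level deny overrides a global allow, and a user-level allow overrides a group-level deny.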