[Trac] Centralizing permissions for a research lab

[Sarah George]

Hello,

I'd like to know if there is a simpler way to do this:

Our research group develops a number of projects and generally has a 
small staff. We want all current staff to have fairly complete access to 
trac. We want previous staff and "friends" of the group to have limited 
access. And we want some central idea of what "anonymous" people can 
access (which is causing a bit of debate as some people don't want 
anything accessible by "anonymous" and making RSS readers log in to the 
feed is a messy affair)

Anyway, I've centralized our permissions by making a commented 
permissions file that lists names, groups and actions.

Then I wrote a script (actually, two scripts but that's a minor detail) 
that use sqlite to replace the "permission" table in trac/*/db/trac.db 
with the permissions from my central file.

This means that however many projects we get, by re-running this script 
new projects will get the existing users set and new users can be added 
to all projects at once.

I'm about to modify my "addproject" script (that creates the svn and 
trac databases) to call this "set permissions" script automatically but 
I thought I'd throw the question out there in case someone has a "right 
way" to do it.

-- Sarah