[Trac] Fancy permissions?

Peter Fein pfein at pobox.com
Mon Jun 20 17:48:54 CDT 2005 

Matthew Good wrote:
> On Sun, 2005-06-19 at 11:57 -0500, Peter Fein wrote:
> 
>>Hiya-
>>
>>I'm trying to figure out how to configure Trac to meet my needs.  I'm
>>really looking forward to using it - should be a lot more effective than
>> my current setup (CVS/emails sitting in my inbox).
>>
>>A little background: I've got a core group of developers who will have
>>full access to the system.  We also have a few outside contractors who I
>>want to prevent from viewing most of the source/bugs/wiki pages. The
>>contractors do require support from / interaction with the in-house
>>developers.  I'd like to keep things as integrated as possible to keep
>>life simple.
>>
>>I'm unclear if Trac can do permissions for the repository browser.  No,
>>according to:
>>http://projects.edgewall.com/trac/wiki/TracBrowser
>>
>>but yes, according to:
>>http://projects.edgewall.com/trac/wiki/FineGrainedPermissions
> 
> 
> Oops, the TracBrowser page is out of date.  You can use the SVN authz
> file to restrict access to files in the repository as
> FineGrainedPermissions indicates.  The only caveat for Trac 0.8.x is
> that it does not support groups.  This has been added for the future 0.9
> release.

Thanks.

> 
>>Based on the docs, the permissions seem to be more like roles -
>>view/edit *ALL* bugs, etc., rather than on a per-bug basis.  It'd be
>>nice to restrict access to bugs based on component, assignee/reporter or
>>CC. I'm a little less clear what this would mean for wiki pages.
>>
>>Is this doable?  Any suggestions on how to make this happen (perhaps
>>with macros)?  My best thought ATM is to set up two projects pointing to
>>the same repository - one for internal use only & one for use by both
>>in-house developers and contractors.  Less than ideal...
> 
> 
> For the Wiki there is some ability to control editing of certain pages.
> Users with the WIKI_ADMIN permission can mark pages as "read-only" and
> then only other users with WIKI_ADMIN can edit those pages.  

Ok, but I need to restrict *viewing* for a subset of pages as well.

> It would also be possible to structure your pages with a path prefix
> such as: PrivateWiki/SomePrivatePage.  Then in your Apache config you
> could restrict access so only certain users can access locations under
> PrivateWiki.  

Hmmm, but this won't work for bugs.  Looks like I'll need to set up two
copies. ;(  Any chance this sort of functionality will make it in to the
1.0 release?  I may be able to route some $$$ your way if that would
speed things along or allocate some developer time to a patch - though
assistance from others (on either front) would help in convincing my
boss (Udo?).

-- 
Peter Fein                 pfein at pobox.com                 773-575-0694

Basically, if you're not a utopianist, you're a schmuck. -J. Feldman

More information about the Trac mailing list