trac.perm – the Trac permission system

Interfaces

class trac.perm.IPermissionRequestor

Bases: trac.core.Interface

Extension point interface for components that define actions.

get_permission_actions()

Return a list of actions defined by this component.

The items in the list may either be simple strings, or (string, sequence) tuples. The latter are considered to be “meta permissions” that group several simple actions under one name for convenience, adding to it if another component already defined that name.

class trac.perm.IPermissionStore

Bases: trac.core.Interface

Extension point interface for components that provide storage and management of permissions.

get_user_permissions()

Return a list of permissions for the specified user.

get_users_with_permissions()

Return a list of users that have any of the specified permissions.

get_all_permissions()

Return all permissions for all users.

The permissions are returned as a list of (subject, action) formatted tuples.

grant_permission(action)

Grant a user permission to perform an action.

revoke_permission(action)

Revokes the permission of the given user to perform an action.

class trac.perm.IPermissionGroupProvider

Bases: trac.core.Interface

Extension point interface for components that provide information about user groups.

get_permission_groups()

Return a list of names of the groups that the user with the specified name is a member of.

class trac.perm.IPermissionPolicy

Bases: trac.core.Interface

A security policy provider used for fine grained permission checks.

check_permission(username, resource, perm)

Check that the action can be performed by username on the resource

Parameters:
  • action – the name of the permission
  • username – the username string or ‘anonymous’ if there’s no authenticated user
  • resource – the resource on which the check applies. Will be None, if the check is a global one and not made on a resource in particular
  • perm – the permission cache for that username and resource, which can be used for doing secondary checks on other permissions. Care must be taken to avoid recursion.
Returns:

True if action is allowed, False if action is denied, or None if indifferent. If None is returned, the next policy in the chain will be consulted.

Note that when checking a permission on a realm resource (i.e. when id is None), this usually corresponds to some preliminary check done before making a fine-grained check on some resource. Therefore the IPermissionPolicy should be conservative and return:

  • True if the action can be allowed for some resources in that realm. Later, for specific resource, the policy will be able to return True (allow), False (deny) or None (don’t decide).
  • None if the action can not be performed for some resources. This corresponds to situation where the policy is only interested in returning False or None on specific resources.
  • False if the action can not be performed for any resource in that realm (that’s a very strong decision as that will usually prevent any fine-grained check to even happen).

Note that performing permission checks on realm resources may seem redundant for now as the action name itself contains the realm, but this will probably change in the future (e.g. 'VIEW' in ...).

Components

class trac.perm.PermissionSystem

Bases: trac.core.Component

Permission management sub-system.

requestors

List of components that implement IPermissionRequestor

group_providers

List of components that implement IPermissionGroupProvider

store

Name of the component implementing IPermissionStore, which is used for managing user and group permissions.

policies

List of components implementing IPermissionPolicy, in the order in which they will be applied. These components manage fine-grained access control to Trac resources.

grant_permission(username, action)

Grant the user with the given name permission to perform to specified action.

Raises:PermissionExistsError – if user already has the permission or is a member of the group.
Since 1.3.1:raises PermissionExistsError rather than IntegrityError
revoke_permission(username, action)

Revokes the permission of the specified user to perform an action.

get_actions_dict(skip=None)

Get all actions from permission requestors as a dict.

The keys are the action names. The values are the additional actions granted by each action. For simple actions, this is an empty list. For meta actions, this is the list of actions covered by the action.

Since 1.0.17:added skip argument.
get_actions(skip=None)

Get a list of all actions defined by permission requestors.

get_groups_dict()

Get all groups as a dict.

The keys are the group names. The values are the group members.

Since:1.1.3
get_users_dict()

Get all users as a dict.

The keys are the user names. The values are the actions possessed by the user.

Since:1.1.3
get_user_permissions(username=None, undefined=False, expand_meta=True)

Return the permissions of the specified user.

The return value is a dictionary containing all the actions granted to the user mapped to True.

Parameters:
  • undefined – if True, include actions that are not defined in any of the IPermissionRequestor implementations.
  • expand_meta – if True, expand meta permissions.
Since 1.3.1:

added the undefined parameter.
Since 1.3.3:

added the expand_meta parameter.
get_permission_groups(username)

Return a sorted list of groups that username belongs to.

Groups are recursively expanded such that if username is a member of group1 and group1 is a member of group2, both group1 and group2 will be returned.

Since:1.3.3
get_all_permissions()

Return all permissions for all users.

The permissions are returned as a list of (subject, action) formatted tuples.

get_users_with_permission(permission)

Return all users that have the specified permission.

Users are returned as a list of user names.

expand_actions(actions)

Helper method for expanding all meta actions.

check_permission(action, username=None, resource=None, perm=None)

Return True if permission to perform action for the given resource is allowed.

get_permission_actions()

Implement the global TRAC_ADMIN meta permission.

class trac.perm.DefaultPermissionGroupProvider

Bases: trac.core.Component

Permission group provider providing the basic builtin permission groups ‘anonymous’ and ‘authenticated’.

class trac.perm.DefaultPermissionPolicy

Bases: trac.core.Component

Default permission policy using the IPermissionStore system.

class trac.perm.DefaultPermissionStore

Bases: trac.core.Component

Default implementation of permission storage and group management.

This component uses the permission table in the database to store both permissions and groups.

group_providers

List of components that implement IPermissionGroupProvider

get_permission_groups(username)

Return a list of names of the groups that the user with the specified name is a member of.

get_user_permissions(username)

Retrieve a list of permissions for the given user.

The permissions are stored in the database as (username, action) records. There’s simple support for groups by using lowercase names for the action column: such a record represents a group and not an actual permission, and declares that the user is part of that group.

get_users_with_permissions(permissions)

Retrieve a list of users that have any of the specified permissions

Users are returned as a list of usernames.

get_all_permissions()

Return all permissions for all users.

The permissions are returned as a list of (subject, action) formatted tuples.

grant_permission(username, action)

Grants a user the permission to perform the specified action.

revoke_permission(username, action)

Revokes a users’ permission to perform the specified action.

class trac.perm.PermissionAdmin

Bases: trac.core.Component

trac-admin command provider for permission system administration.

Exceptions

exception trac.perm.PermissionError(action=None, resource=None, env=None, msg=None)

Bases: trac.core.TracBaseError

Insufficient permissions to perform the operation.

exception trac.perm.PermissionExistsError(message, title=None, show_traceback=False)

Bases: trac.core.TracError

Thrown when a unique key constraint is violated.

If the message contains a p or div element it will be rendered directly. Use the message class on the p or div element to style as a red box. Otherwise, the message should be plain text or contain only inline elements and will be wrapped in a p element and rendered in a red box.

If title is given, it will be displayed as the large header above the error message.

Miscellaneous

class trac.perm.PermissionCache(env, username=None, resource=None, cache=None, groups=None)

Bases: object

Cache that maintains the permissions of a single user.

Permissions are usually checked using the following syntax:

‘WIKI_MODIFY’ in perm

One can also apply more fine grained permission checks and specify a specific resource for which the permission should be available:

‘WIKI_MODIFY’ in perm(‘wiki’, ‘WikiStart’)

If there’s already a page object available, the check is simply:

‘WIKI_MODIFY’ in perm(page.resource)

If instead of a check, one wants to assert that a given permission is available, the following form should be used:

perm.require(‘WIKI_MODIFY’)

or

perm(‘wiki’, ‘WikiStart’).require(‘WIKI_MODIFY’)

or

perm(page.resource).require(‘WIKI_MODIFY’)

When using require, a PermissionError exception is raised if the permission is missing.