|
39
|
1 = Trac Permissions =
|
|
|
2 [[TracGuideToc]]
|
|
|
3
|
|
|
4 Trac uses a simple but flexible permission system to control what users can and can't access.
|
|
|
5
|
|
|
6 Permission privileges are managed using the [wiki:TracAdmin trac-admin] tool.
|
|
|
7
|
|
|
8 Regular visitors, non-authenticated users, accessing the system are assigned the default
|
|
|
9 role (''user'') named {{{anonymous}}}.
|
|
|
10 Assign permissions to the {{{anonymous}}} user to set privileges for non-authenticated/guest users.
|
|
|
11
|
|
|
12 In addition to these privileges users can be granted additional individual
|
|
|
13 rights in effect when authenticated and logged into the system.
|
|
|
14
|
|
|
15 == Available Privileges ==
|
|
|
16
|
|
|
17 To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system, it will let you do anything you want.
|
|
|
18
|
|
|
19 Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac:
|
|
|
20
|
|
|
21 === Repository Browser ===
|
|
|
22
|
|
|
23 || `BROWSER_VIEW` || View directory listings in the [wiki:TracBrowser repository browser] ||
|
|
|
24 || `LOG_VIEW` || View revision logs of files and directories in the [wiki:TracBrowser repository browser] ||
|
|
|
25 || `FILE_VIEW` || View files in the [wiki:TracBrowser repository browser] ||
|
|
|
26 || `CHANGESET_VIEW` || View [wiki:TracChangeset repository check-ins] ||
|
|
|
27
|
|
|
28 === Ticket System ===
|
|
|
29
|
|
|
30 || `TICKET_VIEW` || View existing [wiki:TracTickets tickets] and perform [wiki:TracQuery ticket queries] ||
|
|
|
31 || `TICKET_CREATE` || Create new [wiki:TracTickets tickets] ||
|
|
|
32 || `TICKET_APPEND` || Add comments or attachments to [wiki:TracTickets tickets] ||
|
|
|
33 || `TICKET_CHGPROP` || Modify [wiki:TracTickets ticket] properties ||
|
|
|
34 || `TICKET_MODIFY` || Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, and in addition allows resolving [wiki:TracTickets tickets] ||
|
|
|
35 || `TICKET_ADMIN` || All `TICKET_*` permissions, plus the deletion of ticket attachments. ||
|
|
|
36
|
|
|
37 === Roadmap ===
|
|
|
38
|
|
|
39 || `MILESTONE_VIEW` || View a milestone ||
|
|
|
40 || `MILESTONE_CREATE` || Create a new milestone ||
|
|
|
41 || `MILESTONE_MODIFY` || Modify existing milestones ||
|
|
|
42 || `MILESTONE_DELETE` || Delete milestones ||
|
|
|
43 || `MILESTONE_ADMIN` || All `MILESTONE_*` permissions ||
|
|
|
44 || `ROADMAP_VIEW` || View the [wiki:TracRoadmap roadmap] page ||
|
|
|
45 || `ROADMAP_ADMIN` || Alias for `MILESTONE_ADMIN` (deprecated) ||
|
|
|
46
|
|
|
47 === Reports ===
|
|
|
48
|
|
|
49 || `REPORT_VIEW` || View [wiki:TracReports reports] ||
|
|
|
50 || `REPORT_SQL_VIEW` || View the underlying SQL query of a [wiki:TracReports report] ||
|
|
|
51 || `REPORT_CREATE` || Create new [wiki:TracReports reports] ||
|
|
|
52 || `REPORT_MODIFY` || Modify existing [wiki:TracReports reports] ||
|
|
|
53 || `REPORT_DELETE` || Delete [wiki:TracReports reports] ||
|
|
|
54 || `REPORT_ADMIN` || All `REPORT_*` permissions ||
|
|
|
55
|
|
|
56 === Wiki System ===
|
|
|
57
|
|
|
58 || `WIKI_VIEW` || View existing [wiki:TracWiki wiki] pages ||
|
|
|
59 || `WIKI_CREATE` || Create new [wiki:TracWiki wiki] pages ||
|
|
|
60 || `WIKI_MODIFY` || Change [wiki:TracWiki wiki] pages ||
|
|
|
61 || `WIKI_DELETE` || Delete [wiki:TracWiki wiki] pages and attachments ||
|
|
|
62 || `WIKI_ADMIN` || All `WIKI_*` permissions, plus the management of ''readonly'' pages. ||
|
|
|
63
|
|
|
64 === Others ===
|
|
|
65
|
|
|
66 || `TIMELINE_VIEW` || View the [wiki:TracTimeline timeline] page ||
|
|
|
67 || `SEARCH_VIEW` || View and execute [wiki:TracSearch search] queries ||
|
|
|
68 || `CONFIG_VIEW` || Enables additional pages on ''About Trac'' that show the current configuration or the list of installed plugins ||
|
|
|
69
|
|
|
70 == Granting Privileges ==
|
|
|
71
|
|
|
72 Currently the only way to grant privileges to users is by using the `trac-admin` script. The current set of privileges can be listed with the following command:
|
|
|
73 {{{
|
|
|
74 $ trac-admin /path/to/projenv permission list
|
|
|
75 }}}
|
|
|
76
|
|
|
77 This command will allow the user ''bob'' to delete reports:
|
|
|
78 {{{
|
|
|
79 $ trac-admin /path/to/projenv permission add bob REPORT_DELETE
|
|
|
80 }}}
|
|
|
81
|
|
|
82 == Permission Groups ==
|
|
|
83
|
|
|
84 Permissions can be grouped together to form roles such as ''developer'', ''admin'', etc.
|
|
|
85 {{{
|
|
|
86 $ trac-admin /path/to/projenv permission add developer WIKI_ADMIN
|
|
|
87 $ trac-admin /path/to/projenv permission add developer REPORT_ADMIN
|
|
|
88 $ trac-admin /path/to/projenv permission add developer TICKET_MODIFY
|
|
|
89 $ trac-admin /path/to/projenv permission add bob developer
|
|
|
90 $ trac-admin /path/to/projenv permission add john developer
|
|
|
91 }}}
|
|
|
92
|
|
|
93 == Default Permissions ==
|
|
|
94
|
|
|
95 Granting privileges to the special user ''anonymous'' can be used to control what an anonymous user can do before they have logged in.
|
|
|
96
|
|
|
97 In the same way, privileges granted to the special user ''authenticated'' will apply to any authenticated (logged in) user.
|
|
|
98
|
|
|
99 ----
|
|
|
100 See also: TracAdmin, TracGuide |
