Mercurial > genshi > genshi-test
diff examples/trac/wiki-default/TracPermissions @ 39:71ecbe90aafc
Copy Trac to main branch.
author | cmlenz |
---|---|
date | Mon, 03 Jul 2006 18:53:27 +0000 |
parents | |
children |
line wrap: on
line diff
new file mode 100644 --- /dev/null +++ b/examples/trac/wiki-default/TracPermissions @@ -0,0 +1,100 @@ += Trac Permissions = +[[TracGuideToc]] + +Trac uses a simple but flexible permission system to control what users can and can't access. + +Permission privileges are managed using the [wiki:TracAdmin trac-admin] tool. + +Regular visitors, non-authenticated users, accessing the system are assigned the default +role (''user'') named {{{anonymous}}}. +Assign permissions to the {{{anonymous}}} user to set privileges for non-authenticated/guest users. + +In addition to these privileges users can be granted additional individual +rights in effect when authenticated and logged into the system. + +== Available Privileges == + +To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system, it will let you do anything you want. + +Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac: + +=== Repository Browser === + +|| `BROWSER_VIEW` || View directory listings in the [wiki:TracBrowser repository browser] || +|| `LOG_VIEW` || View revision logs of files and directories in the [wiki:TracBrowser repository browser] || +|| `FILE_VIEW` || View files in the [wiki:TracBrowser repository browser] || +|| `CHANGESET_VIEW` || View [wiki:TracChangeset repository check-ins] || + +=== Ticket System === + +|| `TICKET_VIEW` || View existing [wiki:TracTickets tickets] and perform [wiki:TracQuery ticket queries] || +|| `TICKET_CREATE` || Create new [wiki:TracTickets tickets] || +|| `TICKET_APPEND` || Add comments or attachments to [wiki:TracTickets tickets] || +|| `TICKET_CHGPROP` || Modify [wiki:TracTickets ticket] properties || +|| `TICKET_MODIFY` || Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, and in addition allows resolving [wiki:TracTickets tickets] || +|| `TICKET_ADMIN` || All `TICKET_*` permissions, plus the deletion of ticket attachments. || + +=== Roadmap === + +|| `MILESTONE_VIEW` || View a milestone || +|| `MILESTONE_CREATE` || Create a new milestone || +|| `MILESTONE_MODIFY` || Modify existing milestones || +|| `MILESTONE_DELETE` || Delete milestones || +|| `MILESTONE_ADMIN` || All `MILESTONE_*` permissions || +|| `ROADMAP_VIEW` || View the [wiki:TracRoadmap roadmap] page || +|| `ROADMAP_ADMIN` || Alias for `MILESTONE_ADMIN` (deprecated) || + +=== Reports === + +|| `REPORT_VIEW` || View [wiki:TracReports reports] || +|| `REPORT_SQL_VIEW` || View the underlying SQL query of a [wiki:TracReports report] || +|| `REPORT_CREATE` || Create new [wiki:TracReports reports] || +|| `REPORT_MODIFY` || Modify existing [wiki:TracReports reports] || +|| `REPORT_DELETE` || Delete [wiki:TracReports reports] || +|| `REPORT_ADMIN` || All `REPORT_*` permissions || + +=== Wiki System === + +|| `WIKI_VIEW` || View existing [wiki:TracWiki wiki] pages || +|| `WIKI_CREATE` || Create new [wiki:TracWiki wiki] pages || +|| `WIKI_MODIFY` || Change [wiki:TracWiki wiki] pages || +|| `WIKI_DELETE` || Delete [wiki:TracWiki wiki] pages and attachments || +|| `WIKI_ADMIN` || All `WIKI_*` permissions, plus the management of ''readonly'' pages. || + +=== Others === + +|| `TIMELINE_VIEW` || View the [wiki:TracTimeline timeline] page || +|| `SEARCH_VIEW` || View and execute [wiki:TracSearch search] queries || +|| `CONFIG_VIEW` || Enables additional pages on ''About Trac'' that show the current configuration or the list of installed plugins || + +== Granting Privileges == + +Currently the only way to grant privileges to users is by using the `trac-admin` script. The current set of privileges can be listed with the following command: +{{{ + $ trac-admin /path/to/projenv permission list +}}} + +This command will allow the user ''bob'' to delete reports: +{{{ + $ trac-admin /path/to/projenv permission add bob REPORT_DELETE +}}} + +== Permission Groups == + +Permissions can be grouped together to form roles such as ''developer'', ''admin'', etc. +{{{ + $ trac-admin /path/to/projenv permission add developer WIKI_ADMIN + $ trac-admin /path/to/projenv permission add developer REPORT_ADMIN + $ trac-admin /path/to/projenv permission add developer TICKET_MODIFY + $ trac-admin /path/to/projenv permission add bob developer + $ trac-admin /path/to/projenv permission add john developer +}}} + +== Default Permissions == + +Granting privileges to the special user ''anonymous'' can be used to control what an anonymous user can do before they have logged in. + +In the same way, privileges granted to the special user ''authenticated'' will apply to any authenticated (logged in) user. + +---- +See also: TracAdmin, TracGuide \ No newline at end of file