def _get_authz_info(self):
try:
mtime = os.path.getmtime(self.authz_file)
except OSError as e:
if self._authz is not None:
self.log.error('Error accessing authz file: %s',
exception_to_unicode(e))
self._mtime = mtime = 0
self._authz = None
self._users = set()
if mtime != self._mtime:
self._mtime = mtime
rm = RepositoryManager(self.env)
modules = set(repos.reponame
for repos in rm.get_real_repositories())
if '' in modules and self.authz_module_name:
modules.add(self.authz_module_name)
modules.add('')
self.log.info('Parsing authz file: %s', self.authz_file)
try:
self._authz = parse(read_file(self.authz_file), modules)
self._users = set(user for paths in self._authz.itervalues()
for path in paths.itervalues()
for user, result in path.iteritems()
if result)
except Exception as e:
self._authz = None
self._users = set()
self.log.error('Error parsing authz file: %s',
exception_to_unicode(e))
return self._authz, self._users
def _get_authz_info(self):
if not self.authz_file:
self.log.error("The [svn] authz_file configuration option in "
"trac.ini is empty or not defined")
raise ConfigurationError()
try:
mtime = os.path.getmtime(self.authz_file)
except OSError as e:
self.log.error("Error accessing svn authz permission policy "
"file: %s", exception_to_unicode(e))
raise ConfigurationError()
if mtime != self._mtime:
self._mtime = mtime
rm = RepositoryManager(self.env)
modules = set(repos.reponame
for repos in rm.get_real_repositories())
if '' in modules and self.authz_module_name:
modules.add(self.authz_module_name)
modules.add('')
self.log.info("Parsing authz file: %s", self.authz_file)
try:
self._authz = parse(self.authz_file, modules)
except ParsingError as e:
self.log.error("Error parsing svn authz permission policy "
"file: %s", exception_to_unicode(e))
raise ConfigurationError()
else:
self._users = {user
for paths in self._authz.itervalues()
for path in paths.itervalues()
for user, result in path.iteritems()
if result}
return self._authz, self._users
def getTable(filepath, tab_name, mod=None):
if isinstance(filepath, str):
path = {filepath : tab_name}
for p in path:
if mod:
with open(p) as f:
cont = f.read()
with open(p.replace('.tex', '_mod.tex'), 'w') as f:
f.write(mod(cont))
path[p.replace('.tex', '._mod.tex') ] = path.pop(p)
return dict(
(t+'.tex', p)
for p, t in path.iteritems()
).items()
class AuthzSourcePolicy(Component):
"""Permission policy for `source:` and `changeset:` resources using a
Subversion authz file.
`FILE_VIEW` and `BROWSER_VIEW` permissions are granted as specified in the
authz file.
`CHANGESET_VIEW` permission is granted for changesets where `FILE_VIEW` is
granted on at least one modified file, as well as for empty changesets.
"""
implements(IPermissionPolicy)
authz_file = PathOption(
'trac', 'authz_file', '', """The path to the Subversion
[http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html authorization (authz) file].
To enable authz permission checking, the `AuthzSourcePolicy` permission
policy must be added to `[trac] permission_policies`.
""")
authz_module_name = Option(
'trac', 'authz_module_name', '',
"""The module prefix used in the `authz_file` for the default
repository. If left empty, the global section is used.
""")
_mtime = 0
_authz = {}
_users = set()
_handled_perms = frozenset([(None, 'BROWSER_VIEW'),
(None, 'CHANGESET_VIEW'), (None, 'FILE_VIEW'),
(None, 'LOG_VIEW'), ('source', 'BROWSER_VIEW'),
('source', 'FILE_VIEW'),
('source', 'LOG_VIEW'),
('changeset', 'CHANGESET_VIEW')])
# IPermissionPolicy methods
def check_permission(self, action, username, resource, perm):
realm = resource.realm if resource else None
if (realm, action) in self._handled_perms:
authz, users = self._get_authz_info()
if authz is None:
return False
if username == 'anonymous':
usernames = ('$anonymous', '*')
else:
usernames = (username, '$authenticated', '*')
if resource is None:
return True if users & set(usernames) else None
rm = RepositoryManager(self.env)
try:
repos = rm.get_repository(resource.parent.id)
except TracError:
return True # Allow error to be displayed in the repo index
if repos is None:
return True
modules = [resource.parent.id or self.authz_module_name]
if modules[0]:
modules.append('')
def check_path(path):
path = '/' + join(repos.scope, path)
if path != '/':
path += '/'
# Allow access to parent directories of allowed resources
if any(
section.get(user) is True
for module in modules for spath, section in authz.get(
module, {}).iteritems() if spath.startswith(path)
for user in usernames):
return True
# Walk from resource up parent directories
for spath in parent_iter(path):
for module in modules:
section = authz.get(module, {}).get(spath)
if section:
for user in usernames:
result = section.get(user)
if result is not None:
return result
if realm == 'source':
return check_path(resource.id)
elif realm == 'changeset':
changes = list(repos.get_changeset(resource.id).get_changes())
if not changes or any(
check_path(change[0]) for change in changes):
return True
def _get_authz_info(self):
try:
mtime = os.path.getmtime(self.authz_file)
except OSError, e:
if self._authz is not None:
self.log.error('Error accessing authz file: %s',
exception_to_unicode(e))
self._mtime = mtime = 0
self._authz = None
self._users = set()
if mtime > self._mtime:
self._mtime = mtime
rm = RepositoryManager(self.env)
modules = set(repos.reponame
for repos in rm.get_real_repositories())
if '' in modules and self.authz_module_name:
modules.add(self.authz_module_name)
modules.add('')
self.log.info('Parsing authz file: %s' % self.authz_file)
try:
self._authz = parse(read_file(self.authz_file), modules)
self._users = set(user for paths in self._authz.itervalues()
for path in paths.itervalues()
for user, result in path.iteritems()
if result)
except Exception, e:
self._authz = None
self._users = set()
self.log.error('Error parsing authz file: %s',
exception_to_unicode(e))
