def test_templates_need_update_true(self): """Templates need to be updated.""" self.env.config.set('notification', 'ticket_subject_template', '$prefix #$ticket.id: $summary') self.env.config.set('notification', 'batch_subject_template', '$prefix Batch modify: $tickets_descr') self.env.config.save() db45.do_upgrade(self.env, None, None) self.assertIn(('INFO', 'Replaced value of [notification] ' 'ticket_subject_template: $prefix #$ticket.id: ' '$summary -> ${prefix} #${ticket.id}: ${summary}'), self.env.log_messages) self.assertIn(('INFO', 'Replaced value of [notification] ' 'batch_subject_template: $prefix Batch modify: ' '$tickets_descr -> ${prefix} Batch modify: ' '${tickets_descr}'), self.env.log_messages) parser = UnicodeConfigParser() parser.read(self.env.config.filename) self.assertEqual('${prefix} #${ticket.id}: ${summary}', parser.get('notification', 'ticket_subject_template')) self.assertEqual('${prefix} Batch modify: ${tickets_descr}', parser.get('notification', 'batch_subject_template')) self.assertTrue(self._backup_file_exists())
def parse(authz_file, modules): """Parse a Subversion authorization file. Return a dict of modules, each containing a dict of paths, each containing a dict mapping users to permissions. Only modules contained in `modules` are retained. """ parser = UnicodeConfigParser(ignorecase_option=False) parser.read(authz_file) groups = {} aliases = {} sections = {} for section in parser.sections(): if section == 'groups': for name, value in parser.items(section): groups.setdefault(name, set()).update(to_list(value)) elif section == 'aliases': for name, value in parser.items(section): aliases[name] = value.strip() else: for name, value in parser.items(section): parts = section.split(':', 1) module, path = parts[0] if len(parts) > 1 else '', parts[-1] if module in modules: sections.setdefault((module, path), []) \ .append((name, value)) def resolve(subject, done): if subject.startswith('@'): done.add(subject) for members in groups[subject[1:]] - done: for each in resolve(members, done): yield each elif subject.startswith('&'): yield aliases[subject[1:]] else: yield subject authz = {} for (module, path), items in sections.iteritems(): section = authz.setdefault(module, {}).setdefault(path, {}) for subject, perms in items: readable = 'r' in perms # Ordering isn't significant; any entry could grant permission section.update((user, readable) for user in resolve(subject, set()) if not section.get(user)) return authz
class UnicodeParserTestCase(unittest.TestCase): def setUp(self): self.tempdir = tempfile.mkdtemp() self.filename = os.path.join(self.tempdir, 'config.ini') _write(self.filename, [ u'[ä]', u'öption = ÿ', u'[ä]', u'optīon = 1.1', u'[č]', u'ôption = ž', u'[č]', u'optïon = 1', u'[ė]', u'optioñ = true', ]) self.parser = UnicodeConfigParser() self._read() def tearDown(self): shutil.rmtree(self.tempdir) def _write(self): with open(self.filename, 'w') as f: self.parser.write(f) def _read(self): self.parser.read(self.filename) def test_sections(self): self.assertEqual([u'ä', u'č', u'ė'], self.parser.sections()) def test_add_section(self): self.parser.add_section(u'ē') self._write() self.assertEqual( u'[ä]\n' u'öption = ÿ\n' u'optīon = 1.1\n\n' u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n' u'[ė]\n' u'optioñ = true\n\n' u'[ē]\n\n', _read(self.filename)) def test_has_section(self): self.assertTrue(self.parser.has_section(u'ä')) self.assertTrue(self.parser.has_section(u'č')) self.assertTrue(self.parser.has_section(u'ė')) self.assertFalse(self.parser.has_section(u'î')) def test_options(self): self.assertEqual([u'öption', u'optīon'], self.parser.options(u'ä')) self.assertEqual([u'ôption', u'optïon'], self.parser.options(u'č')) def test_get(self): self.assertEqual(u'ÿ', self.parser.get(u'ä', u'öption')) self.assertEqual(u'ž', self.parser.get(u'č', u'ôption')) def test_items(self): self.assertEqual([(u'öption', u'ÿ'), (u'optīon', u'1.1')], self.parser.items(u'ä')) self.assertEqual([(u'ôption', u'ž'), (u'optïon', u'1')], self.parser.items(u'č')) def test_getint(self): self.assertEqual(1, self.parser.getint(u'č', u'optïon')) def test_getfloat(self): self.assertEqual(1.1, self.parser.getfloat(u'ä', u'optīon')) def test_getboolean(self): self.assertTrue(self.parser.getboolean(u'ė', u'optioñ')) def test_has_option(self): self.assertTrue(self.parser.has_option(u'ä', u'öption')) self.assertTrue(self.parser.has_option(u'ä', u'optīon')) self.assertTrue(self.parser.has_option(u'č', u'ôption')) self.assertTrue(self.parser.has_option(u'č', u'optïon')) self.assertTrue(self.parser.has_option(u'ė', u'optioñ')) self.assertFalse(self.parser.has_option(u'î', u'optioñ')) def test_set(self): self.parser.set(u'ä', u'öption', u'ù') self.parser.set(u'ė', u'optiœn', None) self._write() self.assertEqual( u'[ä]\n' u'öption = ù\n' u'optīon = 1.1\n\n' u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n' u'[ė]\n' u'optioñ = true\n' u'optiœn = \n\n', _read(self.filename)) def test_remove_option(self): self.parser.remove_option(u'ä', u'öption') self.parser.remove_option(u'ė', u'optioñ') self._write() self.assertEqual( u'[ä]\n' u'optīon = 1.1\n\n' u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n' u'[ė]\n\n', _read(self.filename)) def test_remove_section(self): self.parser.remove_section(u'ä') self.parser.remove_section(u'ė') self._write() self.assertEqual( u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n', _read(self.filename))
class AuthzPolicy(Component): """Permission policy using an authz-like configuration file. Refer to SVN documentation for syntax of the authz file. Groups are supported. As the fine-grained permissions brought by this permission policy are often used in complement of the other permission policies (like the `DefaultPermissionPolicy`), there's no need to redefine all the permissions here. Only additional rights or restrictions should be added. === Installation === Enabling this policy requires listing it in `trac.ini`:: {{{ [trac] permission_policies = AuthzPolicy, DefaultPermissionPolicy [authz_policy] authz_file = conf/authzpolicy.conf }}} This means that the `AuthzPolicy` permissions will be checked first, and only if no rule is found will the `DefaultPermissionPolicy` be used. === Configuration === The `authzpolicy.conf` file is a `.ini` style configuration file. - Each section of the config is a glob pattern used to match against a Trac resource descriptor. These descriptors are in the form:: {{{ <realm>:<id>@<version>[/<realm>:<id>@<version> ...] }}} Resources are ordered left to right, from parent to child. If any component is inapplicable, `*` is substituted. If the version pattern is not specified explicitely, all versions (`@*`) is added implicitly Example: Match the WikiStart page:: {{{ [wiki:*] [wiki:WikiStart*] [wiki:WikiStart@*] [wiki:WikiStart] }}} Example: Match the attachment ``wiki:WikiStart@117/attachment/FOO.JPG@*`` on WikiStart:: {{{ [wiki:*] [wiki:WikiStart*] [wiki:WikiStart@*] [wiki:WikiStart@*/attachment/*] [wiki:WikiStart@117/attachment/FOO.JPG] }}} - Sections are checked against the current Trac resource '''IN ORDER''' of appearance in the configuration file. '''ORDER IS CRITICAL'''. - Once a section matches, the current username is matched, '''IN ORDER''', against the keys of the section. If a key is prefixed with a `@`, it is treated as a group. If a key is prefixed with a `!`, the permission is denied rather than granted. The username will match any of 'anonymous', 'authenticated', <username> or '*', using normal Trac permission rules. Example configuration:: {{{ [groups] administrators = athomas [*/attachment:*] * = WIKI_VIEW, TICKET_VIEW [wiki:WikiStart@*] @administrators = WIKI_ADMIN anonymous = WIKI_VIEW * = WIKI_VIEW # Deny access to page templates [wiki:PageTemplates/*] * = # Match everything else [*] @administrators = TRAC_ADMIN anonymous = BROWSER_VIEW, CHANGESET_VIEW, FILE_VIEW, LOG_VIEW, MILESTONE_VIEW, POLL_VIEW, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_VIEW, SEARCH_VIEW, TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_VIEW # Give authenticated users some extra permissions authenticated = REPO_SEARCH, XML_RPC }}} """ implements(IPermissionPolicy) authz_file = PathOption('authz_policy', 'authz_file', '', "Location of authz policy configuration file. " "Non-absolute paths are relative to the " "Environment `conf` directory.") def __init__(self): self.authz = None self.authz_mtime = None self.groups_by_user = {} # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if not self.authz_mtime or \ os.path.getmtime(self.authz_file) != self.authz_mtime: self.parse_authz() resource_key = self.normalise_resource(resource) self.log.debug('Checking %s on %s', action, resource_key) permissions = self.authz_permissions(resource_key, username) if permissions is None: return None # no match, can't decide elif permissions == []: return False # all actions are denied # FIXME: expand all permissions once for all ps = PermissionSystem(self.env) for deny, perms in groupby(permissions, key=lambda p: p.startswith('!')): if deny and action in ps.expand_actions(p[1:] for p in perms): return False # action is explicitly denied elif action in ps.expand_actions(perms): return True # action is explicitly granted return None # no match for action, can't decide # Internal methods def parse_authz(self): self.log.debug("Parsing authz security policy %s", self.authz_file) if not self.authz_file: self.log.error("The `[authz_policy] authz_file` configuration " "option in trac.ini is empty or not defined.") raise ConfigurationError() try: self.authz_mtime = os.path.getmtime(self.authz_file) except OSError as e: self.log.error("Error parsing authz permission policy file: %s", exception_to_unicode(e)) raise ConfigurationError() self.authz = UnicodeConfigParser(ignorecase_option=False) try: self.authz.read(self.authz_file) except ParsingError as e: self.log.error("Error parsing authz permission policy file: %s", exception_to_unicode(e)) raise ConfigurationError() groups = {} if self.authz.has_section('groups'): for group, users in self.authz.items('groups'): groups[group] = to_list(users) self.groups_by_user = {} def add_items(group, items): for item in items: if item.startswith('@'): add_items(group, groups[item[1:]]) else: self.groups_by_user.setdefault(item, set()).add(group) for group, users in groups.iteritems(): add_items('@' + group, users) all_actions = set(PermissionSystem(self.env).get_actions()) authz_basename = os.path.basename(self.authz_file) for section in self.authz.sections(): if section == 'groups': continue for _, actions in self.authz.items(section): for action in to_list(actions): if action.startswith('!'): action = action[1:] if action not in all_actions: self.log.warning("The action %s in the [%s] section " "of %s is not a valid action.", action, section, authz_basename) def normalise_resource(self, resource): def to_descriptor(resource): id = resource.id return '%s:%s@%s' % (resource.realm or '*', id if id is not None else '*', resource.version or '*') def flatten(resource): if not resource: return ['*:*@*'] descriptor = to_descriptor(resource) if not resource.realm and resource.id is None: return [descriptor] # XXX Due to the mixed functionality in resource we can end up with # ticket, ticket:1, ticket:1@10. This code naively collapses all # subsets of the parent resource into one. eg. ticket:1@10 parent = resource.parent while parent and resource.realm == parent.realm: parent = parent.parent if parent: return flatten(parent) + [descriptor] else: return [descriptor] return '/'.join(flatten(resource)) def authz_permissions(self, resource_key, username): # TODO: Handle permission negation in sections. eg. "if in this # ticket, remove TICKET_MODIFY" if username and username != 'anonymous': valid_users = ['*', 'authenticated', 'anonymous', username] else: valid_users = ['*', 'anonymous'] for resource_section in [a for a in self.authz.sections() if a != 'groups']: resource_glob = resource_section if '@' not in resource_glob: resource_glob += '@*' if fnmatchcase(resource_key, resource_glob): for who, permissions in self.authz.items(resource_section): permissions = to_list(permissions) if who in valid_users or \ who in self.groups_by_user.get(username, []): self.log.debug("%s matched section %s for user %s", resource_key, resource_glob, username) if isinstance(permissions, basestring): return [permissions] else: return permissions return None
class UnicodeParserTestCase(unittest.TestCase): def setUp(self): self.tempdir = mkdtemp() self.filename = os.path.join(self.tempdir, 'config.ini') _write(self.filename, [ u'[ä]', u'öption = ÿ', u'[ä]', u'optīon = 1.1', u'[č]', u'ôption = ž', u'[č]', u'optïon = 1', u'[ė]', u'optioñ = true', ]) self.parser = UnicodeConfigParser() self._read() def tearDown(self): rmtree(self.tempdir) def _write(self): with open(self.filename, 'w') as f: self.parser.write(f) def _read(self): self.parser.read(self.filename) def test_sections(self): self.assertEqual([u'ä', u'č', u'ė'], self.parser.sections()) def test_add_section(self): self.parser.add_section(u'ē') self._write() self.assertEqual( u'[ä]\n' u'öption = ÿ\n' u'optīon = 1.1\n\n' u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n' u'[ė]\n' u'optioñ = true\n\n' u'[ē]\n\n', _read(self.filename)) def test_has_section(self): self.assertTrue(self.parser.has_section(u'ä')) self.assertTrue(self.parser.has_section(u'č')) self.assertTrue(self.parser.has_section(u'ė')) self.assertFalse(self.parser.has_section(u'î')) def test_options(self): self.assertEqual([u'öption', u'optīon'], self.parser.options(u'ä')) self.assertEqual([u'ôption', u'optïon'], self.parser.options(u'č')) def test_get(self): self.assertEqual(u'ÿ', self.parser.get(u'ä', u'öption')) self.assertEqual(u'ž', self.parser.get(u'č', u'ôption')) def test_items(self): self.assertEqual([(u'öption', u'ÿ'), (u'optīon', u'1.1')], self.parser.items(u'ä')) self.assertEqual([(u'ôption', u'ž'), (u'optïon', u'1')], self.parser.items(u'č')) def test_getint(self): self.assertEqual(1, self.parser.getint(u'č', u'optïon')) def test_getfloat(self): self.assertEqual(1.1, self.parser.getfloat(u'ä', u'optīon')) def test_getboolean(self): self.assertTrue(self.parser.getboolean(u'ė', u'optioñ')) def test_has_option(self): self.assertTrue(self.parser.has_option(u'ä', u'öption')) self.assertTrue(self.parser.has_option(u'ä', u'optīon')) self.assertTrue(self.parser.has_option(u'č', u'ôption')) self.assertTrue(self.parser.has_option(u'č', u'optïon')) self.assertTrue(self.parser.has_option(u'ė', u'optioñ')) self.assertFalse(self.parser.has_option(u'î', u'optioñ')) def test_set(self): self.parser.set(u'ä', u'öption', u'ù') self.parser.set(u'ė', u'optiœn', None) self._write() self.assertEqual( u'[ä]\n' u'öption = ù\n' u'optīon = 1.1\n\n' u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n' u'[ė]\n' u'optioñ = true\n' u'optiœn = \n\n', _read(self.filename)) def test_remove_option(self): self.parser.remove_option(u'ä', u'öption') self.parser.remove_option(u'ė', u'optioñ') self._write() self.assertEqual( u'[ä]\n' u'optīon = 1.1\n\n' u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n' u'[ė]\n\n', _read(self.filename)) def test_remove_section(self): self.parser.remove_section(u'ä') self.parser.remove_section(u'ė') self._write() self.assertEqual( u'[č]\n' u'ôption = ž\n' u'optïon = 1\n\n', _read(self.filename))
class AuthzPolicy(Component): """Permission policy using an authz-like configuration file. Refer to SVN documentation for syntax of the authz file. Groups are supported. As the fine-grained permissions brought by this permission policy are often used in complement of the other permission policies (like the `DefaultPermissionPolicy`), there's no need to redefine all the permissions here. Only additional rights or restrictions should be added. === Installation === Enabling this policy requires listing it in `trac.ini: {{{ [trac] permission_policies = AuthzPolicy, DefaultPermissionPolicy [authz_policy] authz_file = conf/authzpolicy.conf }}} This means that the `AuthzPolicy` permissions will be checked first, and only if no rule is found will the `DefaultPermissionPolicy` be used. === Configuration === The `authzpolicy.conf` file is a `.ini` style configuration file. - Each section of the config is a glob pattern used to match against a Trac resource descriptor. These descriptors are in the form: {{{ <realm>:<id>@<version>[/<realm>:<id>@<version> ...] }}} Resources are ordered left to right, from parent to child. If any component is inapplicable, `*` is substituted. If the version pattern is not specified explicitely, all versions (`@*`) is added implicitly Example: Match the WikiStart page {{{ [wiki:*] [wiki:WikiStart*] [wiki:WikiStart@*] [wiki:WikiStart] }}} Example: Match the attachment `wiki:WikiStart@117/attachment/FOO.JPG@*` on WikiStart {{{ [wiki:*] [wiki:WikiStart*] [wiki:WikiStart@*] [wiki:WikiStart@*/attachment/*] [wiki:WikiStart@117/attachment/FOO.JPG] }}} - Sections are checked against the current Trac resource '''IN ORDER''' of appearance in the configuration file. '''ORDER IS CRITICAL'''. - Once a section matches, the current username is matched, '''IN ORDER''', against the keys of the section. If a key is prefixed with a `@`, it is treated as a group. If a key is prefixed with a `!`, the permission is denied rather than granted. The username will match any of 'anonymous', 'authenticated', <username> or '*', using normal Trac permission rules. Example configuration: {{{ [groups] administrators = athomas [*/attachment:*] * = WIKI_VIEW, TICKET_VIEW [wiki:WikiStart@*] @administrators = WIKI_ADMIN anonymous = WIKI_VIEW * = WIKI_VIEW # Deny access to page templates [wiki:PageTemplates/*] * = # Match everything else [*] @administrators = TRAC_ADMIN anonymous = BROWSER_VIEW, CHANGESET_VIEW, FILE_VIEW, LOG_VIEW, MILESTONE_VIEW, POLL_VIEW, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_VIEW, SEARCH_VIEW, TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_VIEW # Give authenticated users some extra permissions authenticated = REPO_SEARCH, XML_RPC }}} """ implements(IPermissionPolicy) authz_file = PathOption( "authz_policy", "authz_file", "", "Location of authz policy configuration file. " "Non-absolute paths are relative to the " "Environment `conf` directory.", ) authz = None authz_mtime = None def __init__(self): if not self.authz_file: self.log.error( "The `[authz_policy] authz_file` configuration " "option in trac.ini is empty or not defined." ) raise ConfigurationError() try: os.stat(self.authz_file) except OSError as e: self.log.error("Error parsing authz permission policy file: %s", to_unicode(e)) raise ConfigurationError() self.groups_by_user = {} # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if not self.authz_mtime or os.path.getmtime(self.authz_file) != self.authz_mtime: self.parse_authz() resource_key = self.normalise_resource(resource) self.log.debug("Checking %s on %s", action, resource_key) permissions = self.authz_permissions(resource_key, username) if permissions is None: return None # no match, can't decide elif permissions == []: return False # all actions are denied # FIXME: expand all permissions once for all ps = PermissionSystem(self.env) for deny, perms in groupby(permissions, key=lambda p: p.startswith("!")): if deny and action in ps.expand_actions(p[1:] for p in perms): return False # action is explicitly denied elif action in ps.expand_actions(perms): return True # action is explicitly granted return None # no match for action, can't decide # Internal methods def parse_authz(self): self.log.debug("Parsing authz security policy %s", self.authz_file) self.authz = UnicodeConfigParser() try: self.authz.read(self.authz_file) except ParsingError as e: self.log.error("Error parsing authz permission policy file: %s", to_unicode(e)) raise ConfigurationError() groups = {} if self.authz.has_section("groups"): for group, users in self.authz.items("groups"): groups[group] = to_list(users) self.groups_by_user = {} def add_items(group, items): for item in items: if item.startswith("@"): add_items(group, groups[item[1:]]) else: self.groups_by_user.setdefault(item, set()).add(group) for group, users in groups.iteritems(): add_items("@" + group, users) self.authz_mtime = os.path.getmtime(self.authz_file) def normalise_resource(self, resource): def to_descriptor(resource): id = resource.id return "%s:%s@%s" % (resource.realm or "*", id if id is not None else "*", resource.version or "*") def flatten(resource): if not resource: return ["*:*@*"] descriptor = to_descriptor(resource) if not resource.realm and resource.id is None: return [descriptor] # XXX Due to the mixed functionality in resource we can end up with # ticket, ticket:1, ticket:1@10. This code naively collapses all # subsets of the parent resource into one. eg. ticket:1@10 parent = resource.parent while parent and resource.realm == parent.realm: parent = parent.parent if parent: return flatten(parent) + [descriptor] else: return [descriptor] return "/".join(flatten(resource)) def authz_permissions(self, resource_key, username): # TODO: Handle permission negation in sections. eg. "if in this # ticket, remove TICKET_MODIFY" if username and username != "anonymous": valid_users = ["*", "authenticated", username] else: valid_users = ["*", "anonymous"] for resource_section in [a for a in self.authz.sections() if a != "groups"]: resource_glob = resource_section if "@" not in resource_glob: resource_glob += "@*" if fnmatchcase(resource_key, resource_glob): for who, permissions in self.authz.items(resource_section): permissions = to_list(permissions) if who in valid_users or who in self.groups_by_user.get(username, []): self.log.debug("%s matched section %s for user %s", resource_key, resource_glob, username) if isinstance(permissions, basestring): return [permissions] else: return permissions return None