77from trac .web .chrome import Chrome
88from trac .ticket .query import Query , QuerySyntaxError , QueryValueError
99
10+
1011class ConfigurablePermissionPolicy (Component ):
1112 implements (IPermissionRequestor , IPermissionPolicy )
1213
@@ -21,12 +22,12 @@ def get_permission_actions(self):
2122 return result
2223
2324 def check_permission (self , action , username , resource , user_perm ):
24-
25+
2526 result = None
26-
27+
2728 if resource is None :
2829 return None
29-
30+
3031 elif resource .realm == 'ticket' :
3132 for perm in self .ticket_perm :
3233 if (perm .action == action or perm .action == '*' or perm .action == '' ) \
@@ -36,7 +37,8 @@ def check_permission(self, action, username, resource, user_perm):
3637 if perm .rule == '' or perm .rule == '*' :
3738 flag = True
3839 else :
39- query_string = 'id=' + str (resource .id ) + '&' + perm .rule
40+ query_string = 'id=' + \
41+ str (resource .id ) + '&' + perm .rule
4042 try :
4143 query = Query .from_string (self .env , query_string )
4244 except QuerySyntaxError as e :
@@ -48,16 +50,27 @@ def check_permission(self, action, username, resource, user_perm):
4850 flag = ticketsCount > 0
4951
5052 if flag :
51- return self ._should_allow (perm , user_perm )
53+ result = self ._combine_result (
54+ result , self ._should_allow (perm , user_perm ))
5255
5356 elif resource .realm == 'wiki' :
5457 for perm in self .wiki_perm :
5558 if perm .action == action or perm .action == '*' or perm .action == '' :
5659 if perm .wiki_name == '' or perm .wiki_name == '*' or perm .wiki_name == resource .id :
57- return self ._should_allow (perm , user_perm )
60+ result = self ._combine_result (
61+ result , self ._should_allow (perm , user_perm ))
5862
5963 return result
6064
65+ def _combine_result (self , result1 , result2 ):
66+ if result2 is not None :
67+ if result1 :
68+ return result1 and result2
69+ else :
70+ return result1 or result2
71+ else :
72+ return result1
73+
6174 def _should_allow (self , perm , user_perm ):
6275 if perm .permission == '' or perm .permission == '*' or self ._has_permission_simple (user_perm .username , perm .permission ):
6376 if perm .result .lower () in ['allow' , 'allow-only' ]:
@@ -83,17 +96,22 @@ def _build_permission_config(self):
8396 for opt_name , opt_value in self .config .options ('configurable-permission-rules' ):
8497 values = map (lambda x : x .strip (), opt_value .split (',' ))
8598 if len (values ) != 5 :
86- self .log .warn ('ConfigurablePermissionPolicy: invalid syntax for rule "' + opt_name + '", ignore' )
99+ self .log .warn (
100+ 'ConfigurablePermissionPolicy: invalid syntax for rule "' + opt_name + '", ignore' )
87101 continue
88102 if not values [4 ].lower () in ['allow' , 'allow-only' , 'deny' , 'pass' , 'pass-only' ]:
89- self .log .warn ('ConfigurablePermissionPolicy: invalid result for rule "' + opt_name + '", default to pass' )
103+ self .log .warn (
104+ 'ConfigurablePermissionPolicy: invalid result for rule "' + opt_name + '", default to pass' )
90105 values [4 ] = 'pass'
91106 if values [0 ] == 'ticket' :
92- ticket_perm .append (ConfigurablePermissionPolicy .ConfigurableTicketPermission (* values ))
107+ ticket_perm .append (
108+ ConfigurablePermissionPolicy .ConfigurableTicketPermission (* values ))
93109 elif values [0 ] == 'wiki' :
94- wiki_perm .append (ConfigurablePermissionPolicy .ConfigurableWikiPermission (* values ))
110+ wiki_perm .append (
111+ ConfigurablePermissionPolicy .ConfigurableWikiPermission (* values ))
95112 else :
96- self .log .warn ('ConfigurablePermissionPolicy: not supported type for rule "' + opt_name + '", default to pass' )
113+ self .log .warn (
114+ 'ConfigurablePermissionPolicy: not supported type for rule "' + opt_name + '", default to pass' )
97115
98116 return wiki_perm , ticket_perm
99117
@@ -112,5 +130,3 @@ def __init__(self, name, action, rule, permission, result):
112130 self .permission = permission
113131 self .action = action
114132 self .result = result .lower ()
115-
116-
0 commit comments