= Trac Permissions =
[[TracGuideToc]]

Trac uses a simple but flexible permission system to control what users can and can't access.

Permission privileges are managed using the [wiki:TracAdmin trac-admin] tool.

Regular visitors (non-authenticated users) accessing the system are assigned the default
role (''user'') named {{{anonymous}}}.
Assign permissions to the {{{anonymous}}} user to set privileges for non-authenticated/guest users.

In addition to these privileges, users can be granted additional individual
rights that take effect when they are authenticated and logged into the system.
== Available Privileges ==

To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system: it will let you do anything you want.

Otherwise, individual privileges can be assigned to users for the different functional areas of Trac:

=== Repository Browser ===

|| `BROWSER_VIEW` || View directory listings in the [wiki:TracBrowser repository browser] ||
|| `LOG_VIEW` || View revision logs of files and directories in the [wiki:TracBrowser repository browser] ||
|| `FILE_VIEW` || View files in the [wiki:TracBrowser repository browser] ||
|| `CHANGESET_VIEW` || View [wiki:TracChangeset repository check-ins] ||

=== Ticket System ===

|| `TICKET_VIEW` || View existing [wiki:TracTickets tickets] and perform [wiki:TracQuery ticket queries] ||
|| `TICKET_CREATE` || Create new [wiki:TracTickets tickets] ||
|| `TICKET_APPEND` || Add comments or attachments to [wiki:TracTickets tickets] ||
|| `TICKET_CHGPROP` || Modify [wiki:TracTickets ticket] properties ||
|| `TICKET_MODIFY` || Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, and in addition allows resolving [wiki:TracTickets tickets] ||
|| `TICKET_ADMIN` || All `TICKET_*` permissions, plus the deletion of ticket attachments. ||

=== Roadmap ===

|| `MILESTONE_VIEW` || View a milestone ||
|| `MILESTONE_CREATE` || Create a new milestone ||
|| `MILESTONE_MODIFY` || Modify existing milestones ||
|| `MILESTONE_DELETE` || Delete milestones ||
|| `MILESTONE_ADMIN` || All `MILESTONE_*` permissions ||
|| `ROADMAP_VIEW` || View the [wiki:TracRoadmap roadmap] page ||
|| `ROADMAP_ADMIN` || Alias for `MILESTONE_ADMIN` (deprecated) ||

=== Reports ===

|| `REPORT_VIEW` || View [wiki:TracReports reports] ||
|| `REPORT_SQL_VIEW` || View the underlying SQL query of a [wiki:TracReports report] ||
|| `REPORT_CREATE` || Create new [wiki:TracReports reports] ||
|| `REPORT_MODIFY` || Modify existing [wiki:TracReports reports] ||
|| `REPORT_DELETE` || Delete [wiki:TracReports reports] ||
|| `REPORT_ADMIN` || All `REPORT_*` permissions ||

=== Wiki System ===

|| `WIKI_VIEW` || View existing [wiki:TracWiki wiki] pages ||
|| `WIKI_CREATE` || Create new [wiki:TracWiki wiki] pages ||
|| `WIKI_MODIFY` || Change [wiki:TracWiki wiki] pages ||
|| `WIKI_DELETE` || Delete [wiki:TracWiki wiki] pages and attachments ||
|| `WIKI_ADMIN` || All `WIKI_*` permissions, plus the management of ''readonly'' pages. ||

=== Others ===

|| `TIMELINE_VIEW` || View the [wiki:TracTimeline timeline] page ||
|| `SEARCH_VIEW` || View and execute [wiki:TracSearch search] queries ||
|| `CONFIG_VIEW` || Enables additional pages on ''About Trac'' that show the current configuration or the list of installed plugins ||
== Granting Privileges ==

Currently the only way to grant privileges to users is by using the `trac-admin` script. The current set of privileges can be listed with the following command:
{{{
$ trac-admin /path/to/projenv permission list
}}}

This command will allow the user ''bob'' to delete reports:
{{{
$ trac-admin /path/to/projenv permission add bob REPORT_DELETE
}}}

== Permission Groups ==

Permissions can be grouped together to form roles such as ''developer'', ''admin'', etc.
{{{
$ trac-admin /path/to/projenv permission add developer WIKI_ADMIN
$ trac-admin /path/to/projenv permission add developer REPORT_ADMIN
$ trac-admin /path/to/projenv permission add developer TICKET_MODIFY
$ trac-admin /path/to/projenv permission add bob developer
$ trac-admin /path/to/projenv permission add john developer
}}}
== Default Permissions ==

Granting privileges to the special user ''anonymous'' can be used to control what an anonymous user can do before they have logged in.

In the same way, privileges granted to the special user ''authenticated'' will apply to any authenticated (logged in) user.
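
To audit what a user can actually do once groups, the special users and the umbrella privileges are combined, the following sketch resolves effective privileges. It is an added example, not Trac's own code: the `GRANTS` pairs are constructed sample data mirroring the commands in the Permission Groups and Default Permissions sections, and the rule that any granted name missing from the privilege tables is a group is an assumption of this example.

```python
# Added example: effective-privilege resolver for the model described on this page.
PRIVS = {  # privilege names taken from the tables on this page
    "BROWSER": ["VIEW"], "LOG": ["VIEW"], "FILE": ["VIEW"], "CHANGESET": ["VIEW"],
    "TICKET": ["VIEW", "CREATE", "APPEND", "CHGPROP", "MODIFY", "ADMIN"],
    "MILESTONE": ["VIEW", "CREATE", "MODIFY", "DELETE", "ADMIN"],
    "ROADMAP": ["VIEW", "ADMIN"], "TIMELINE": ["VIEW"], "SEARCH": ["VIEW"],
    "REPORT": ["VIEW", "SQL_VIEW", "CREATE", "MODIFY", "DELETE", "ADMIN"],
    "WIKI": ["VIEW", "CREATE", "MODIFY", "DELETE", "ADMIN"], "CONFIG": ["VIEW"],
}
ALL = {f"{area}_{op}" for area, ops in PRIVS.items() for op in ops} | {"TRAC_ADMIN"}

def expand(priv):
    """Return every privilege implied by one grant, per the tables on this page."""
    if priv == "TRAC_ADMIN":
        return set(ALL)
    if priv == "TICKET_MODIFY":
        return {priv, "TICKET_APPEND", "TICKET_CHGPROP"}
    if priv == "ROADMAP_ADMIN":  # deprecated alias for MILESTONE_ADMIN
        return {priv} | expand("MILESTONE_ADMIN")
    if priv.endswith("_ADMIN"):  # e.g. WIKI_ADMIN -> every WIKI_* privilege
        return {p for p in ALL if p.startswith(priv[:-5])}
    return {priv}

def effective(user, grants, logged_in=True):
    """Resolve privileges for `user` from (subject, granted) pairs, following groups."""
    subjects = {"anonymous", user} | ({"authenticated"} if logged_in else set())
    perms, pending = set(), list(subjects)
    while pending:
        subject = pending.pop()
        for what in (w for s, w in grants if s == subject):
            if what in ALL:
                perms |= expand(what)
            elif what not in subjects:  # assumption: unknown name is a group
                subjects.add(what)
                pending.append(what)
    return perms

GRANTS = [  # constructed sample data
    ("anonymous", "WIKI_VIEW"), ("anonymous", "TICKET_VIEW"),
    ("authenticated", "TICKET_CREATE"), ("developer", "WIKI_ADMIN"),
    ("developer", "REPORT_ADMIN"), ("developer", "TICKET_MODIFY"),
    ("bob", "developer"), ("john", "developer"), ("bob", "REPORT_DELETE"),
]

def write_access(perms):
    """Privileges beyond read-only *_VIEW, the ones worth reviewing first."""
    return sorted(p for p in perms if not p.endswith("_VIEW"))
```

Calling `write_access(effective("anonymous", GRANTS, logged_in=False))` on a real grant list shows at a glance whether guests hold anything beyond view rights.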
----
See also: TracAdmin, TracGuide