User Management

ClueMapper currently uses the following Trac plugins to manage users/accounts:

• TracUserManagerPlugin?
• TracAccountManager?

Technology Stack

The authentication layer is WSGI middleware provided by repoze.who. repoze.who wraps the entire application and uses a htpasswd-based plugin to get uses from an htpasswd file (the type apache commonly uses).

TracUserManagerPlugin? is configured to use the same htpasswd file so that normal Trac user creation ends up having it's credentials stored properly.

TracAccountManager? is used to provide nice configuration screens for managing accounts. A custom user store plugin is provided by ClueMapper itself so that TracAccountManager? stores all account profile information inside the same cluemapper sqlite db (by default stored at etc/cluemapper/cluemapper.db). TracAccountManager? has partial integration support with TracUserManagerPlugin?.

Technology Stack Problems

• Neither of these trac plugins have proper release cycles which means currently SVN versions are being used (although the ClueMapper index provides it's own snapshot version of these to stay somewhat stable)
• The integration between TracAccountManager? and TracUserManagerPlugin? is quite crude
  • as such, the configuration panel for TracAccountManager? provides two forms for adding users where the first form cannot be deactivated but should be ignored by ClueMapper admin users
• Setting up permissions still uses Trac's default system which doesn't allow for searching for users (ie the admin user has to know the usernames of the people being added)
• UI for setting up permissions is very low level such that it's hard to distinguish between users, groups, actions, and subjects

Proposed Technology Stack

• Create an integrated plugin that provides only the necessary functionality of TracUserManagerPlugin? and TracAccountManager? and default Trac permissions configuration (can reuse code from the current ClueMapper user store)