Index: tracrpc/ticket.py =================================================================== --- tracrpc/ticket.py (revision 2624) +++ tracrpc/ticket.py (working copy) @@ -5,6 +5,7 @@ from tracrpc.util import to_timestamp, to_datetime import trac.ticket.model as model import trac.ticket.query as query +from trac.ticket.web_ui import TicketModule from trac.ticket.api import TicketSystem from trac.ticket.notification import TicketNotifyEmail @@ -28,7 +29,7 @@ yield ('TICKET_VIEW', ((list, int),), self.getAvailableActions) yield ('TICKET_VIEW', ((list, int),), self.get) yield ('TICKET_CREATE', ((int, str, str), (int, str, str, dict), (int, str, str, dict, bool)), self.create) - yield ('TICKET_ADMIN', ((list, int, str), (list, int, str, dict), (list, int, str, dict, bool)), self.update) + yield ('TICKET_VIEW', ((list, int, str), (list, int, str, dict), (list, int, str, dict, bool)), self.update) yield ('TICKET_ADMIN', ((None, int),), self.delete) yield ('TICKET_VIEW', ((dict, int), (dict, int, int)), self.changeLog) yield ('TICKET_VIEW', ((list, int),), self.listAttachments) @@ -82,6 +83,7 @@ t['reporter'] = req.authname or 'anonymous' for k, v in attributes.iteritems(): t[k] = v + self._validate_ticket(req, t) t.insert() if notify: @@ -101,6 +103,7 @@ t = model.Ticket(self.env, id) for k, v in attributes.iteritems(): t[k] = v + self._validate_ticket(req, t) t.save_changes(req.authname or 'anonymous', comment) if notify: @@ -166,6 +169,12 @@ """ Return a list of all ticket fields fields. """ return TicketSystem(self.env).get_ticket_fields() + def _validate_ticket(self, req, ticket): + ticket_module = TicketModule(self.env) + req.args['ts'] = str(ticket.time_changed) + if not ticket_module._validate_ticket(req, ticket): + raise TracError(' '.join(req.warnings) or 'Invalid ticket data or permissions') + def ticketModelFactory(cls, cls_attributes): """ Return a class which exports an interface to trac.ticket.model.. """