Modify

Opened 4 months ago

Last modified 4 months ago

#11826 new enhancement

Add support for specific permission to manage custom fields

Reported by: ahamelin Owned by: osimons
Priority: normal Component: CustomFieldAdminPlugin
Severity: normal Keywords:
Cc: Trac Release:

Description

I would find it useful to be able to use a distinct permission to manage custom ticket fields, like some other popular plugins do.

The issue I see right now is that managing custom fields require the full TICKET_ADMIN permission. This approach has a couple of downsides, such as permitting a user to change the owner of a ticket, etc. which is not necessarily bound to managing ticket fields, and gives more power to certain group of users than it is minimally necessary.

A minimal implementation could only include CUSTOM_FIELDS_ADMIN which would grant access to the Admin > Custom Fields admin panel. I would expect TICKET_ADMIN to still give access to the custom fields admin panel.

Attachments (0)

Change History (1)

comment:1 Changed 4 months ago by rjollos

This is generally handled in Trac using TracFineGrainedPermissions. This is a very powerful feature that also help prevent the bloat of very specific permissions which may only apply to a narrow subset of users. Many TracFineGrainedPermissions policy issues in the admin realm have been fixed in Trac 1.0.2dev: trac:#11069.

I tested a permissions policy with Trac 1.0.1 and the latest CustomFieldAdminPlugin. The following patch is needed (which is very similar to the changes in trac:#11069):

  • customfieldadminplugin/0.11/customfieldadmin/admin.py

    diff --git a/customfieldadminplugin/0.11/customfieldadmin/admin.py b/customfield
    index 94e89d1..2fdc79c 100644
    a b class CustomFieldAdminPage(Component): 
    3030    # IAdminPanelProvider methods 
    3131     
    3232    def get_admin_panels(self, req): 
    33         if 'TICKET_ADMIN' in req.perm: 
     33        if 'TICKET_ADMIN' in req.perm('admin', 'ticket/customfields'): 
    3434            yield ('ticket', _("Ticket System"), 
    3535                   'customfields', _("Custom Fields"))  
    3636 
    3737    def render_admin_panel(self, req, cat, page, customfield): 
    38         req.perm.require('TICKET_ADMIN') 
     38        req.perm('admin', 'ticket/customfields').require('TICKET_ADMIN') 
    3939         
    4040        add_script(req, 'customfieldadmin/js/customfieldadmin.js') 

osimons, would you kindly review?

After the patch is applied, the following policy would allow all users to access the Custom Fields page. This is probably not what you want, and is just meant as an example to get you started. See the TracFineGrainedPermissions for more details.

[admin:ticket/customfields]
* = TICKET_ADMIN

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.