Modify

Opened 7 years ago

Closed 4 years ago

Last modified 5 weeks ago

#1902 closed enhancement (fixed)

[patch] Allow more granular permissions

Reported by: trivoallan Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: permission separation admin web_ui
Cc: trac@… Trac Release: 0.10

Description

I often need two distinct persons to manage users and password stores. So here's a patch that adds 2 new permissions to make this behavior possible.

  • TRAC_ADMIN permission grants access to both admin screens.
  • ACCOUNTMANAGER_USERS grants access to the "Users" screen
  • ACCOUNTMANAGER_CONFIG grants access to the "Configuration" screen

Attachments (1)

trac-accountmanager-1902-granularperms.patch (1.5 KB) - added by trivoallan 7 years ago.

Download all attachments as: .zip

Change History (6)

Changed 7 years ago by trivoallan

comment:1 Changed 7 years ago by trivoallan

  • Summary changed from More granular permissions to [PATCH] More granular permissions

comment:2 Changed 7 years ago by adhisimon

  • Cc trac@… added

It doesn't seem to work on my installation.
My trac installation is using CentOS/RedHat 5 RPM trac-0.10.4-1.el5.noarch.rpm, and my TracAccountManager is TracAccountManager-0.1.3dev_r2548-py2.4.egg

The patch file is broken and I must patch the file manually. But when I'm going to grant permission to a user as ACCOUNTMANAGER_USER, it will result an error page:

Internal Error
ACCOUNTMANAGER_USERS is not a valid action.

comment:3 follow-up: Changed 4 years ago by sto

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

comment:4 in reply to: ↑ 3 Changed 4 years ago by hasienda

  • Keywords permission separation admin web_ui added
  • Owner changed from mgood to hasienda
  • Status changed from new to assigned
  • Summary changed from [PATCH] More granular permissions to [patch] Allow more granular permissions

Replying to sto:

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

Great. I've already had look at this, and it seems o.

comment:5 Changed 4 years ago by hasienda

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [9280]) AccountManagerPlugin: Allow acctmgr administration for non-TRAC_ADMINs, closes #3726 and #7700.

With dedicated AccountManagerPlugin permissions now you could not only
delegate AccountManager administration to users without granting them
TRAC_ADMIN, but even differentiate access policy within these settings
(closes #1902 as well):

  • ACCTMGR_CONFIG_ADMIN - for /config and /notification
  • ACCTMGR_USER_ADMIN - for /users
  • ACCTMGR_ADMIN - inheriting all without requiring TRAC_ADMIN

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from hasienda. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.