Ticket #1902 (closed enhancement: fixed)

Opened 6 years ago

Last modified 3 years ago

[patch] Allow more granular permissions

Reported by: trivoallan Assigned to: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: permission separation admin web_ui
Cc: trac@adhisimon.or.id Trac Release: 0.10

Description

I often need two distinct persons to manage users and password stores. So here's a patch that adds 2 new permissions to make this behavior possible.

  • TRAC_ADMIN permission grants access to both admin screens.
  • ACCOUNTMANAGER_USERS grants access to the "Users" screen
  • ACCOUNTMANAGER_CONFIG grants access to the "Configuration" screen

Attachments

trac-accountmanager-1902-granularperms.patch (1.5 kB) - added by trivoallan on 08/07/07 12:48:13.

Change History

08/07/07 12:48:13 changed by trivoallan

  • attachment trac-accountmanager-1902-granularperms.patch added.

08/07/07 12:48:53 changed by trivoallan

  • summary changed from More granular permissions to [PATCH] More granular permissions.

11/08/07 05:31:01 changed by adhisimon

  • cc set to trac@adhisimon.or.id.

It doesn't seem to work on my installation. My trac installation is using CentOS/RedHat 5 RPM trac-0.10.4-1.el5.noarch.rpm, and my TracAccountManager? is TracAccountManager?-0.1.3dev_r2548-py2.4.egg

The patch file is broken and I must patch the file manually. But when I'm going to grant permission to a user as ACCOUNTMANAGER_USER, it will result an error page:

Internal Error ACCOUNTMANAGER_USERS is not a valid action.

(follow-up: ↓ 4 ) 09/20/10 10:46:56 changed by sto

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

(in reply to: ↑ 3 ) 10/11/10 21:49:40 changed by hasienda

  • keywords set to permission separation admin web_ui.
  • status changed from new to assigned.
  • owner changed from mgood to hasienda.
  • summary changed from [PATCH] More granular permissions to [patch] Allow more granular permissions.

Replying to sto:

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

Great. I've already had look at this, and it seems o.

10/11/10 22:39:00 changed by hasienda

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [9280]) AccountManagerPlugin: Allow acctmgr administration for non-TRAC_ADMINs, closes #3726 and #7700.

With dedicated AccountManagerPlugin permissions now you could not only delegate AccountManager administration to users without granting them TRAC_ADMIN, but even differentiate access policy within these settings (closes #1902 as well):

  • ACCTMGR_CONFIG_ADMIN - for /config and /notification
  • ACCTMGR_USER_ADMIN - for /users
  • ACCTMGR_ADMIN - inheriting all without requiring TRAC_ADMIN

Add/Change #1902 ([patch] Allow more granular permissions)




Change Properties
Action