Modify

Opened 7 years ago

Closed 4 years ago

Last modified 2 months ago

#1902 closed enhancement (fixed)

[patch] Allow more granular permissions

Reported by: trivoallan Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: permission separation admin web_ui
Cc: trac@… Trac Release: 0.10

Description

I often need two distinct persons to manage users and password stores. So here's a patch that adds 2 new permissions to make this behavior possible.

  • TRAC_ADMIN permission grants access to both admin screens.
  • ACCOUNTMANAGER_USERS grants access to the "Users" screen
  • ACCOUNTMANAGER_CONFIG grants access to the "Configuration" screen

Attachments (1)

trac-accountmanager-1902-granularperms.patch (1.5 KB) - added by trivoallan 7 years ago.

Download all attachments as: .zip

Change History (6)

Changed 7 years ago by trivoallan

comment:1 Changed 7 years ago by trivoallan

  • Summary changed from More granular permissions to [PATCH] More granular permissions

comment:2 Changed 7 years ago by adhisimon

  • Cc trac@… added

It doesn't seem to work on my installation.
My trac installation is using CentOS/RedHat 5 RPM trac-0.10.4-1.el5.noarch.rpm, and my TracAccountManager is TracAccountManager-0.1.3dev_r2548-py2.4.egg

The patch file is broken and I must patch the file manually. But when I'm going to grant permission to a user as ACCOUNTMANAGER_USER, it will result an error page:

Internal Error
ACCOUNTMANAGER_USERS is not a valid action.

comment:3 follow-up: Changed 4 years ago by sto

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

comment:4 in reply to: ↑ 3 Changed 4 years ago by hasienda

  • Keywords permission separation admin web_ui added
  • Owner changed from mgood to hasienda
  • Status changed from new to assigned
  • Summary changed from [PATCH] More granular permissions to [patch] Allow more granular permissions

Replying to sto:

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

Great. I've already had look at this, and it seems o.

comment:5 Changed 4 years ago by hasienda

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [9280]) AccountManagerPlugin: Allow acctmgr administration for non-TRAC_ADMINs, closes #3726 and #7700.

With dedicated AccountManagerPlugin permissions now you could not only
delegate AccountManager administration to users without granting them
TRAC_ADMIN, but even differentiate access policy within these settings
(closes #1902 as well):

  • ACCTMGR_CONFIG_ADMIN - for /config and /notification
  • ACCTMGR_USER_ADMIN - for /users
  • ACCTMGR_ADMIN - inheriting all without requiring TRAC_ADMIN

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.