Modify

Opened 7 years ago

Closed 3 years ago

#2877 closed defect (fixed)

TICKET_VIEW_SELF does not work with 0.11

Reported by: anonymous Owned by: rjollos
Priority: high Component: PrivateTicketsPlugin
Severity: blocker Keywords:
Cc: Trac Release: 0.12

Description

for any tickets:
TICKET_VIEW privileges are required to perform this operation

but if it is granted then the user can see all of them

(using default config after install and only this component)

Attachments (0)

Change History (11)

comment:1 Changed 7 years ago by anonymous

  • Priority changed from normal to high
  • Severity changed from normal to blocker

comment:2 Changed 7 years ago by benbruscella

Confirmed using:

  • Trac 0.11dev-r6814
  • TracAccountManager 0.2dev-r3111
  • TracPrivateTickets 2.0 with #2876 applied


comment:3 Changed 6 years ago by evian

confirmed here also, when can we expect a patch?

comment:4 Changed 6 years ago by coderanger

  • Resolution set to worksforme
  • Status changed from new to closed

Chances are you haven't activated the policy, please find me on IRC if you wish to use this on 0.11 as it has not been formally released (hence the tag still being 0.10 and the docs not being updated to reflect 0.11).

comment:5 follow-up: Changed 4 years ago by russell@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Trac Release changed from 0.11 to 0.12

I am having the same issue on 0.12, using version 2.0.2.
I have the following in trac.ini:

permission_policies = PrivateTicketsPolicy, InternalTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy

In addition to PrivateTickets, I have timingandestimationplugin 1.0.8b installed.

comment:6 in reply to: ↑ 5 ; follow-up: Changed 4 years ago by rjollos

Replying to russell@rentmagic.ca:

In addition to PrivateTickets, I have timingandestimationplugin 1.0.8b installed.

We'll need more information to pursue this issue further. Please test with TimingAndEstimationPlugin disabled, and InternalTicketsPolicy removed from permission_policies.

comment:7 in reply to: ↑ 6 ; follow-up: Changed 4 years ago by anonymous

Replying to rjollos:

We'll need more information to pursue this issue further. Please test with TimingAndEstimationPlugin disabled, and InternalTicketsPolicy removed from permission_policies.

I have disabled the plugin, and removed InternalTicketsPolicy, and it still doesn't work.

I also have three other plugins installed (which I disabled when testing): TracAccountManager, TracXMLRPC, and TracHTTPAuth, but even with th

comment:8 in reply to: ↑ 7 ; follow-up: Changed 4 years ago by rjollos

Replying to anonymous:

I also have three other plugins installed (which I disabled when testing): TracAccountManager, TracXMLRPC, and TracHTTPAuth, but even with th

Could you please list all the permissions of the user that you are trying to restrict ticket access for?

comment:9 in reply to: ↑ 8 ; follow-ups: Changed 4 years ago by anonymous

Replying to rjollos:

Could you please list all the permissions of the user that you are trying to restrict ticket access for?

I have put the following privileges into the authenticated group:

TICKET_CREATE, TICKET_APPEND, REPORT_VIEW, TICKET_VIEW_SELF, TICKET_VIEW_REPORTER

I am pretty sure I don't need TICKET_VIEW_REPORTER, but I had it there for testing.

comment:10 in reply to: ↑ 9 Changed 4 years ago by rjollos

  • Owner changed from coderanger to rjollos
  • Status changed from reopened to new

Replying to anonymous:

I have put the following privileges into the authenticated group:

Thanks, I will investigate and get back to you soon.

comment:11 in reply to: ↑ 9 Changed 3 years ago by rjollos

  • Resolution set to fixed
  • Status changed from new to closed

Replying to anonymous:

TICKET_CREATE, TICKET_APPEND, REPORT_VIEW, TICKET_VIEW_SELF, TICKET_VIEW_REPORTER

I am pretty sure I don't need TICKET_VIEW_REPORTER, but I had it there for testing.

I'm getting back to you pretty late on this and doubt I'll get a follow-up, so I'll just close it. Please reopen if you wish to continue debugging. The next step would be to investigate the log files, see t:TracLogging for more details.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.