Ticket #3828 (closed defect: fixed)

Opened 5 years ago

Last modified 1 year ago

Inefficient Permission Check (Was:Permission Problem with internal tickets)

Reported by: watho@web.de Assigned to: bobbysmith007
Priority: normal Component: TimingAndEstimationPlugin
Severity: normal Keywords:
Cc: watho@web.de Trac Release: 0.11

Description

Setting a ticket to internal leads to error message: Error forbidden, Permission TICKET_VIEW needed.

I can only access the tickets as admin.

I'm using Trac 0.12dev r7557

Attachments

t-e-blackmagic.patch (1.0 kB) - added by mixedpuppy on 03/11/09 01:57:35.
blackmagic fix for checkbox fields

Change History

09/29/08 18:10:24 changed by watho

  • cc set to watho@web.de.

09/29/08 19:16:55 changed by bobbysmith007

(In [4358]) re #3828 fixed a bug in ticket policy where it should have been checking for a permission or a group, but was only checking for a permission

09/29/08 19:22:09 changed by bobbysmith007

  • status changed from new to closed.
  • resolution set to fixed.

If you were using a group name instead of a permission name, this would not have worked. This has been fixed now and we check for group membership or permission.

If you want to set what group/permission is used you can do so in the trac.ini file. 

[ticket]
internalgroup = PermissionOrGroupHere

If you still experience the error after upgrading please reopen. Thanks for the bug report,

Russ

10/08/08 20:06:33 changed by jodok

  • status changed from closed to reopened.
  • resolution deleted.

that's very inefficient as it calls the def get_all_permissions(self): on the authentication backend.

and e.g. in an ldap environment it says: 

        """Retrieve the permissions for all users from the LDAP directory"""
        # do not use the cache as this method is only used for administration
        # tasks, not for runtime

i disabled the possibility to check for groups as it took > 10 seconds to do this check. probably there is a smarter way to check for that?

01/19/09 11:21:24 changed by bobbysmith007

  • summary changed from Permission Problem with internal tickets to Inefficien Permission Check (Was:Permission Problem with internal tickets).

01/19/09 11:33:05 changed by bobbysmith007

  • summary changed from Inefficien Permission Check (Was:Permission Problem with internal tickets) to Inefficient Permission Check (Was:Permission Problem with internal tickets).

03/10/09 22:47:38 changed by mixedpuppy

This happens for me as well, but for a slightly different reason. I set internal.value=0 in trac.ini, but the form has '1' as the value (if the field gets hidden). The result is that any non-TRAC_ADMIN user submitting a ticket ends up creating a ticket with the 'internal' flag on, then get denied viewing the ticket they just submitted.

03/11/09 01:57:35 changed by mixedpuppy

  • attachment t-e-blackmagic.patch added.

blackmagic fix for checkbox fields

03/11/09 02:00:32 changed by mixedpuppy

The patch I just added properly deals with checkbox values when hiding a field. There is probably more that should be done, but this fixes the initial problem for me.

repro for my issue:

in trac.ini set internal.value=0 as a user who has TICKET_CREATE and TICKET_VIEW permissions, but not admin or "internal" permission, create a new ticket.

You will get the error message from the description of this ticket.

03/11/09 14:49:20 changed by bobbysmith007

Thanks for the patch, but in response to #4400 I added a patch just like this on friday: [5348], so you may want to update to the latest version of this plugin.

I will attempt to reproduce your problem and figure out what is wrong... Your problem seems to be somewhat different than the one this ticket is about. I will assess it futher, when I can test the error.

Still no word on efficient permission check.

HTH, Russ

08/29/11 20:48:10 changed by bobbysmith007

  • status changed from reopened to closed.
  • resolution set to fixed.

(In [10626]) ver 1.1.8b

when searching for groups, dont query all permissions unless we are using the default store (LDAP store takes a long time to return all permissions).

fix #3828

04/16/12 01:47:15 changed by rjollos

I see that you also implemented the same fix as in #3222 as part of [10626], so mixed-case group names should be supported by your plugin after [10626] (action.islower() -> not action.isupper()).

Add/Change #3828 (Inefficient Permission Check (Was:Permission Problem with internal tickets))




Change Properties
Action