# Ticket #3828 (closed defect: fixed)

Opened 5 years ago

## Inefficient Permission Check (Was:Permission Problem with internal tickets)

Reported by: Assigned to: watho@web.de bobbysmith007 normal TimingAndEstimationPlugin normal watho@web.de 0.11

### Description

Setting a ticket to internal leads to error message: Error forbidden, Permission TICKET_VIEW needed.

I can only access the tickets as admin.

I'm using Trac 0.12dev r7557

## Change History

### 09/29/08 18:10:24 changed by watho

• cc set to watho@web.de.

### 09/29/08 19:16:55 changed by bobbysmith007

(In [4358]) re #3828 fixed a bug in ticket policy where it should have been checking for a permission or a group, but was only checking for a permission

### 09/29/08 19:22:09 changed by bobbysmith007

• status changed from new to closed.
• resolution set to fixed.

If you were using a group name instead of a permission name, this would not have worked. This has been fixed now and we check for group membership or permission.

If you want to set what group/permission is used you can do so in the trac.ini file.

[ticket]
internalgroup = PermissionOrGroupHere


If you still experience the error after upgrading please reopen. Thanks for the bug report,

Russ

### 10/08/08 20:06:33 changed by jodok

• status changed from closed to reopened.
• resolution deleted.

that's very inefficient as it calls the def get_all_permissions(self): on the authentication backend.

and e.g. in an ldap environment it says:

        """Retrieve the permissions for all users from the LDAP directory"""
# do not use the cache as this method is only used for administration


i disabled the possibility to check for groups as it took > 10 seconds to do this check. probably there is a smarter way to check for that?

### 01/19/09 11:21:24 changed by bobbysmith007

• summary changed from Permission Problem with internal tickets to Inefficien Permission Check (Was:Permission Problem with internal tickets).

### 01/19/09 11:33:05 changed by bobbysmith007

• summary changed from Inefficien Permission Check (Was:Permission Problem with internal tickets) to Inefficient Permission Check (Was:Permission Problem with internal tickets).

### 03/10/09 22:47:38 changed by mixedpuppy

This happens for me as well, but for a slightly different reason. I set internal.value=0 in trac.ini, but the form has '1' as the value (if the field gets hidden). The result is that any non-TRAC_ADMIN user submitting a ticket ends up creating a ticket with the 'internal' flag on, then get denied viewing the ticket they just submitted.

### 03/11/09 01:57:35 changed by mixedpuppy

blackmagic fix for checkbox fields

### 03/11/09 02:00:32 changed by mixedpuppy

The patch I just added properly deals with checkbox values when hiding a field. There is probably more that should be done, but this fixes the initial problem for me.

repro for my issue:

in trac.ini set internal.value=0 as a user who has TICKET_CREATE and TICKET_VIEW permissions, but not admin or "internal" permission, create a new ticket.

You will get the error message from the description of this ticket.

### 03/11/09 14:49:20 changed by bobbysmith007

Thanks for the patch, but in response to #4400 I added a patch just like this on friday: [5348], so you may want to update to the latest version of this plugin.

I will attempt to reproduce your problem and figure out what is wrong... Your problem seems to be somewhat different than the one this ticket is about. I will assess it futher, when I can test the error.

Still no word on efficient permission check.

HTH, Russ

### 08/29/11 20:48:10 changed by bobbysmith007

• status changed from reopened to closed.
• resolution set to fixed.

(In [10626]) ver 1.1.8b

when searching for groups, dont query all permissions unless we are using the default store (LDAP store takes a long time to return all permissions).

fix #3828

### 04/16/12 01:47:15 changed by rjollos

I see that you also implemented the same fix as in #3222 as part of [10626], so mixed-case group names should be supported by your plugin after [10626] (action.islower() -> not action.isupper()).

### Add/Change #3828 (Inefficient Permission Check (Was:Permission Problem with internal tickets))

Change Properties