Modify

Opened 6 years ago

Closed 5 years ago

#4400 closed defect (fixed)

billing / internal state changes but it shouldnt

Reported by: gomez Owned by: bobbysmith007
Priority: normal Component: TimingAndEstimationPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

We set permissions in the way that only a special role can modify/see the billing/internal checkboxes.
But if a "normal" user changes a value of a ticket (e.g. comment,keywords..) the billing/internal value gets changed (if it is unset it gets set).

We use this version: "SVN Trac0.11 branch With Permissions EXPERIMENTAL"

Attachments (0)

Change History (8)

comment:1 Changed 6 years ago by bobbysmith007

busy at the moment, but I will attend to this as soon as I can

comment:2 Changed 6 years ago by bobbysmith007

Wait... so how did you configure this?

It sounds like those fields are being removed from the form, which when they dont show up in the form post would cause their values to be reset (due to the fact that checkboxes that are not checked, are not submitted). Essentially by removing them from the form you are not checking them. What should happen is that they should be replaced with a hidden field, or possibly stored in session and retrieved from there (so that the user couldnt just change the hidden value).

Once I see the config you are using to get this to happen, I might be able to help.

Thanks,

Russ

comment:3 Changed 6 years ago by gomez

Hi Russ,

thanks for the answer.

In trac.ini we added this custom ticket fields:

[ticket-custom]
billable = checkbox
billable.label = Billable?
billable.order = 3
billable.value = 1
internal = checkbox
internal.label = Internal?
internal.order = 5
internal.value = 0

For customers we created the permission role_customers.
We dont granted this role one of the TIME permissions.

Your description makes sense to me, but how implement it?

Thanks,
Steffen

comment:4 Changed 6 years ago by bobbysmith007

I actually need your configuration for permissions, not the custom fields (all the rows in the [field settings] section of the config).

The easiest way, if you are not too concerned about people trying to "hack" their way inside is to use 'hide' or 'disable' instead of 'remove', as the action of the permission. Otherwise we would need to do some more serious hacking to prevent the ability of people to change the hidden fields with crafted form posts.

comment:5 Changed 6 years ago by anonymous

Hi Russ,

heres my field_settings:
[field settings]
fields = billable, totalhours, hours, estimatedhours, internal
billable.permission = TIME_VIEW:hide, TIME_RECORD:hide
totalhours.permission = TIME_VIEW:hide, TIME_RECORD:hide
hours.permission = TIME_VIEW:hide, TIME_RECORD:hide
estimatedhours.permission = TIME_VIEW:hide, TIME_RECORD:hide
internal.permission = TIME_RECORD:hide, TIME_RECORD:hide

I tried your suggestion, but it wont work ;( Something i forgott?

Thx for the help
Steffen

comment:6 Changed 5 years ago by gomez

i still stuck with this problem. You found time to look into it?

Steffen

comment:7 Changed 5 years ago by bobbysmith007

(In [5348]) fixed bug in hidding unselected checkboxes re #4400

comment:8 Changed 5 years ago by bobbysmith007

  • Resolution set to fixed
  • Status changed from new to closed

Sorry, i missed this comment when it came through:
Replying to anonymous:

Hi Russ,

heres my field_settings:
[field settings]
fields = billable, totalhours, hours, estimatedhours, internal
billable.permission = TIME_VIEW:hide, TIME_RECORD:hide
totalhours.permission = TIME_VIEW:hide, TIME_RECORD:hide
hours.permission = TIME_VIEW:hide, TIME_RECORD:hide
estimatedhours.permission = TIME_VIEW:hide, TIME_RECORD:hide
internal.permission = TIME_RECORD:hide, TIME_RECORD:hide

I think I got this worked out, please let me know if you continue to have problems. Sorry for the delay

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.