
Opened 6 years ago

Last modified 4 years ago

#4632 new enhancement

Hours permissions

Reported by: interstellar
Owned by: rjollos
Priority: normal
Component: TracHoursPlugin
Severity: normal
Keywords:
Cc: interstellar, christer@…
Trac Release: 0.11

Description

Implement permissions for TracHoursPlugin.

Permissions like HOURS_VIEW, HOURS_MANAGE, HOURS_ADMIN would be nice. And if a user has specific permissions, the hours navigation button would be visible or not.

Right now, if one (even anonymous) has a TICKET_VIEW permission, he can see all hours.

Attachments (2)

workaround.patch (495 bytes) - added by anonymous 6 years ago.
workaround - checks if user has TICKET_VIEW, else shows /hours - this checks for permissions
implement_HOURS_VIEW.diff (1.3 KB) - added by Havok 4 years ago.
Implementation of HOURS_VIEW feature.


Change History (11)

comment:1 Changed 6 years ago by bolsog@…

even more problematic:
anonymous can view /hours/<ticket-num>
even if anonymous has NO rights at all.

Changed 6 years ago by anonymous

workaround - checks if user has TICKET_VIEW, else shows /hours - this checks for permissions

comment:2 Changed 4 years ago by anonymous

please fix somehow.

Changed 4 years ago by Havok

Implementation of HOURS_VIEW feature.

comment:3 follow-up: Changed 4 years ago by Havok

I've implemented the feature HOURS_VIEW. I've appended the patch (revision 8601, 0.11 branch).

Now the user must have HOURS_VIEW to view /hours paths. Also, the mainnav tab doesn't show if the user doesn't have HOURS_VIEW either.

Cheers
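
The gate described in comment:3, modelled as an added stand-alone example (not the attached patch and not Trac or TracHoursPlugin code). `Perm`, `handle`, `nav_items` and `audit` are hypothetical names, `Perm` is a constructed stand-in for the permission object a Trac request carries, and `enforce=False` models the behaviour reported in the ticket.

```python
import re


class PermissionDenied(Exception):
    """Raised when the caller lacks the required action."""


class Perm:
    """Constructed stand-in for a per-request permission cache."""

    def __init__(self, user, actions):
        self.user, self.actions = user, frozenset(actions)

    def __contains__(self, action):
        return action in self.actions

    def require(self, action):
        if action not in self:
            raise PermissionDenied("%s lacks %s" % (self.user, action))


HOURS_PATH = re.compile(r"^/hours(?:/(\d+))?/?$")


def nav_items(perm):
    """Hiding the mainnav tab is cosmetic; the handler must still check."""
    return ["hours"] if "HOURS_VIEW" in perm else []


def handle(path, perm, enforce=True):
    """Serve /hours and /hours/<ticket>; enforce=False models the reported gap."""
    m = HOURS_PATH.match(path)
    if m is None:
        return None  # not an hours path
    if enforce:
        perm.require("HOURS_VIEW")  # gate every matched path, not only the tab
    return "hours for ticket %s" % m.group(1) if m.group(1) else "all hours"


def audit(paths, perm, enforce=True):
    """Return the hours paths this principal can actually read."""
    readable = []
    for path in paths:
        try:
            if handle(path, perm, enforce) is not None:
                readable.append(path)
        except PermissionDenied:
            continue
    return readable
```

Running `audit` with a permission set that has no actions over every hours route is a quick regression check that direct URLs such as /hours/<ticket-num> are refused and not merely unlinked.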

comment:4 in reply to: ↑ 3 ; follow-up: Changed 4 years ago by interstellar

I've applied the patch, but now the Cross-project hours feature doesn't show any hours.

Did anybody experience the same thing?

Replying to Havok:

> I've implemented the feature HOURS_VIEW. I've appended the patch (revision 8601, 0.11 branch).
>
> Now the user must have HOURS_VIEW to view /hours paths. Also, the mainnav tab doesn't show if the user doesn't have HOURS_VIEW either.
>
> Cheers

comment:5 in reply to: ↑ 4 ; follow-up: Changed 4 years ago by Havok

I'm not using the Multiproject feature, but the patch should not be a problem, since it only provides an extra permission layer that the user needs to pass in order to access the Hours views. Sure you granted the HOURS_VIEW permission to users?

Cheers

Replying to interstellar:

> I've applied the patch, but now the Cross-project hours feature doesn't show any hours.
>
> Did anybody experience the same thing?

comment:6 in reply to: ↑ 5 Changed 4 years ago by interstellar

Sure, I added HOURS_VIEW permission to authenticated group.

When I reverted hours.py to a version before your patch - cross-project hours started working again.

Replying to Havok:

> I'm not using the Multiproject feature, but the patch should not be a problem, since it only provides an extra permission layer that the user needs to pass in order to access the Hours views. Sure you granted the HOURS_VIEW permission to users?
>
> Cheers
>
> Replying to interstellar:
>
> > I've applied the patch, but now the Cross-project hours feature doesn't show any hours.
> >
> > Did anybody experience the same thing?

comment:7 Changed 4 years ago by rjollos

#8122 closed as a duplicate.

comment:8 Changed 4 years ago by rjollos

  • Owner changed from k0s to rjollos

Reassigning ticket to new maintainer.

comment:9 Changed 4 years ago by rjollos

  • Cc christer@… added

#8347 requests that anonymous users not be allowed to access the Hours page.
