Modify

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#6519 closed defect (fixed)

Permission is not recognized

Reported by: zhijiex@… Owned by: obs
Priority: high Component: BlackMagicTicketTweaksPlugin
Severity: critical Keywords:
Cc: normanr Trac Release: 0.11

Description

I installed virtualticketpermissions plugin which has permission TICKET_IS_OWNER. The permission means that only ticket owner can change the ticket properties. My configuration as below:
[blackmagic]
tweaks = severity, priority
priority.permissions = TICKET_IS_OWNER
severit.permissions = TICKET_IS_OWNER

I found that not ticket owner can still change priority. The permission TICKET_IS_OWNER is not working. How can I make it work?

Attachments (3)

ownTicket.doc (43.5 KB) - added by anonymous 5 years ago.
notOwnTicket.doc (41.0 KB) - added by anonymous 5 years ago.
BlackMagicTicketTweaks-0.1-py2.6.egg (23.2 KB) - added by obs 5 years ago.
Patched egg

Download all attachments as: .zip

Change History (34)

comment:1 Changed 5 years ago by obs

Did you enable both the BlackMagicTicketTweaks and VirtualTicketPermissions permission policies in trac.ini?

comment:2 Changed 5 years ago by anonymous

My permission policies is as below:
permission_policies = BlackMagicTicketTweaks, DefaultPermissionPolicy,VirtualTicketPermissionsPolicy

VirtualTicketPermissionsPolicy permission can work.

comment:3 Changed 5 years ago by obs

Try setting it to the following

permission_policies = VirtualTicketPermissionsPolicy, BlackMagicTicketTweaks, DefaultPermissionPolicy

Let me know if it makes a difference, remember to restart trac after you change it.

comment:4 Changed 5 years ago by anonymous

Now severity, priority do not allow to change whatever it is ticket owner or not. Even new ticket severity and priority do not allow to input value.

comment:5 Changed 5 years ago by obs

  • Status changed from new to assigned

I'll have a play and get back to you.

comment:6 Changed 5 years ago by obs

  • Resolution set to worksforme
  • Status changed from assigned to closed

Hi

I just tested and noticed you typo'd in your trac.ini you said you have

[blackmagic] 
tweaks = severity, priority 
priority.permissions = TICKET_IS_OWNER 
severit.permissions = TICKET_IS_OWNER

It should be

[blackmagic] 
tweaks = severity, priority 
priority.permission = TICKET_IS_OWNER 
severity.permission = TICKET_IS_OWNER

(No s on permission and you missed a y of severity).

That configuration works for me.

comment:7 Changed 5 years ago by anonymous

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I corrected trac.ini as below:
[blackmagic]
tweaks = priority,component
component.hide = true
priority.permission = TICKET_IS_OWNER

accept = new,assigned,accepted,reopened -> accepted
accept.operations = set_owner_to_self
accept.permissions = TICKET_IS_OWNER

component can be hidden. But priority still does not work.
I found that:

  1. If authenticated user has no permission TICKET_IS_OWNER he can not change priority.
  2. If authenticated user has permission TICKET_IS_OWNER he can change priority forwever.

That meanse priority.permission = TICKET_IS_OWNER does not work. Especially I can not understand why authenticated user can not change new ticket priority if no permission TICKET_IS_OWNER.

comment:8 Changed 5 years ago by obs

  • Resolution set to worksforme
  • Status changed from reopened to closed

You state that if they don't have TICKET_IS_OWNER and are authenticated then they cannot change the owner, if they do have TICKET_IS_OWNER they can change priority.

That means the priority.permission = TICKET_IS_OWNER is working how it should be. If they do not have the TICKET_IS_OWNER permission i.e. it's a new ticket (new tickets have no owner), or it is not assigned to them they cannot change the priority.

The *.permission option is the permissions the user must have to change the property.

comment:9 Changed 5 years ago by anonymous

  • Resolution worksforme deleted
  • Status changed from closed to reopened

As for VirtualTicketPermissionsPolicy plugin the login user will get permission TICKET_IS_OWNER automatically if he is the ticket owner. So we can not do not permitted action. But for *.permission option have no such function. That's why ticket owner can not change allowed to change property 'priority'.

comment:10 Changed 5 years ago by obs

  • Resolution set to worksforme
  • Status changed from reopened to closed

You're confusing me, your settings have it so if they have the TICKET_IS_OWNER permission they can edit priority, and you state that they can edit priority if they are the owner, so there is no problem here that is how it is meant to work.

comment:11 Changed 5 years ago by anonymous

I got your meaning.
The annoyed problem is that only ticket owner can change properties. Authenticated user can not change created ticket properties if they are not ticket owner. Does BlackMagic plugin have no such function to adjudge if user is the created ticket owner?

comment:12 Changed 5 years ago by anonymous

The *.permission is allowed to be a comma separated list so if you wanted the creator and the owner to edit it you could use the virtual ticket permissions plugin to set

priority.permission = TICKET_IS_OWNER, TICKET_IS_REPORTER

That would allow the creator and owner to edit the ticket.

priority.permission = TICKET_IS_OWNER, TICKET_IS_REPORTER, TICKET_MODIFY

would allow the owner, report and anyone with the TICKET_MODIFY permission to edit it.

Does that solve your problem?

comment:13 Changed 5 years ago by anonymous

priority.permission = TICKET_IS_OWNER, TICKET_MODIFY
Can not solve this problem.
Because TICKET_IS_OWNER is assigned dynamically based on current login user own ticket. And most of authenticated users have TICKET_MODIFY. So BlackMagic plugin can not recognize who have true permission to change properties. The solved method is that BlackMagic plugin can judge whether login user is ticket owner when viewing ticket. If true the user will get TICKET_IS_OWNER permission dynamically.

comment:14 Changed 5 years ago by obs

The plugin does detect if they have TICKET_IS_OWNER, we've proved this by your earlier statement that authenticated users that own tickets can modify permissions. Are you now saying that you have tried priority.permission = TICKET_IS_OWNER, TICKET_MODIFY and that doesn't work? That would suggest the plugin isn't detecting multiple permissions correctly, let me know if this is the case.

comment:15 Changed 5 years ago by anonymous

Authenticated users must be assigned TICKET_IS_OWNER manually. The plugin can not detect the permission TICKET_IS_OWNER dynamically. That means authenticated users that own tickets can not change properties if they are not granted TICKET_IS_OWNER manually.

comment:16 Changed 5 years ago by obs

By dynamically I assume you mean automatically. TICKET_IS_OWNER is assigned by the VirtualTicketPermissionsPlugin if the owner field is set to the user, the BlackMagicTicketTweaksPlugin then detects this from the VirtualTicketPermissionsPlugin and allows editing of fields. This works I have tested it, if it doesn't work for you then you need to change your configuration settings, or you are just not understanding how the plugins work.

Changed 5 years ago by anonymous

Changed 5 years ago by anonymous

comment:17 Changed 5 years ago by anonymous

Please see attachmented files. Same user that own ticket has more action than not own ticket. These pic can prove that VirtualTicketPermissionPlugin works. But prioprity can not be changed whatever user is ticket owner or not. That proves BlackMagicTicketTweaksPlugin permission does not work. And system property is hidden. Below is blackmagic in trac.ini config:
[blackmagic]
tweaks = priority,system
system.hide = true
priority.permission = TICKET_IS_OWNER

comment:18 Changed 5 years ago by obs

That's very strange, for me it works.

Can you set your permission_policies to the following

[trac]
permission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy,VirtualTicketPermissionsPolicy,BlackMagicTicketTweaks

If that doesn't work let me know what version of trac you are using and I will test again.

comment:19 Changed 5 years ago by anonymous

There is no any changes.
Trac version info is as below:
Trac: 0.11.6
Python: 2.4.3 (#1, Jan 21 2009, 01:10:13) [GCC 4.1.2 20071124 (Red Hat 4.1.2-42)]
setuptools: 0.6c9
SQLite: 3.3.6
pysqlite: 1.1.7
Genshi: 0.5.1
mod_python: 3.2.8
jQuery: 1.2.6

comment:20 Changed 5 years ago by anonymous

I think TICKET_IS_OWNER is not truely assigned by the VirtualTicketPermissionsPlugin if the owner field is set to the user. It is virtually assigned permission. So BlackMagicTicketTweaksPlugin can not detect TICKET_IS_OWNER permission. But I assigned TICKET_IS_OWNER manually BlackMagicTicketTweaksPlugin can detect it and works fine.

Changed 5 years ago by obs

Patched egg

comment:21 Changed 5 years ago by obs

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Try using the patched egg file I just attached, replace the current one in your <environment>/plugins directory. I tested and it works on 0.11.6 (for some reason the problem doesn't occur on 0.11.7-dev)

comment:22 Changed 5 years ago by anonymous

I do not see attached egg file. Please attach again.

comment:23 Changed 5 years ago by anonymous

scroll up to the very top of this ticket

BlackMagicTicketTweaks-0.1-py2.6.egg (23.2 kB) - added by obs on 02/10/10 03:51:24.
Patched egg

comment:24 Changed 5 years ago by anonymous

I copied BlackMagicTicketTweaks-0.1-py2.6.egg to the plugins directory. Admin panel-> plugins menu does not display the plugin. That means the BlackMagicTicketTweaks-0.1-py2.6.egg can not be detected.

comment:25 Changed 5 years ago by anonymous

Check your file permissions or install it via the web admin

comment:26 Changed 5 years ago by anonymous

I changed name BlackMagicTicketTweaks?-0.1-py2.6.egg into BlackMagicTicketTweaks?-0.1-py2.4.egg. Now the plugin can be detected.
This time I found that my blackmagic permission setting is really working. For view ticket priority can be controlled by ticket owner.
But for new ticket: the priority property is always forbidden to be changed. If this problem can be fixed then all works fine.

comment:27 Changed 5 years ago by anonymous

For new tickets there is no TICKET_IS_OWNER permission so I can't do anything about that. I could change the plugin to allow different settings for new tickets but that will take a while.

comment:28 Changed 5 years ago by obs

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [7530]) fixed issue where BMTTP was doing a global permission check which interfered with VirtualTicketPermissionsPolicy Plugin fixes #6519 created enhancement ticket #6610 for "new" ticket permissions request

comment:29 Changed 5 years ago by normanr

Should this be extended to ticket_types checks?

Although I can't think of a practical reason why ticket_types should be limited based on any of the virtual permissions.

Would it be useful to only set to type:blah if you're the owner, or something *shrug* (I'm thinking the default type would be unknown, and only owners can categorize tickets)

comment:30 Changed 5 years ago by normanr

  • Cc normanr added

comment:31 Changed 5 years ago by obs

I suppose it could be useful, it would restrict tickets you can view in reports to only those you're TICKET_IS_OWNER to, to prevent user's changing the type unless they're owner you can just put

type.permission = TICKET_IS_OWNER

I'll probably implement what you suggest on the next release since it will clean up some code in the plugin anyway.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.