#6519 closed defect (fixed)
Permission is not recognized
| Reported by: | Owned by: | obs | |
|---|---|---|---|
| Priority: | high | Component: | BlackMagicTicketTweaksPlugin |
| Severity: | critical | Keywords: | |
| Cc: | Norman Rasmussen | Trac Release: | 0.11 |
Description
I installed virtualticketpermissions plugin which has permission TICKET_IS_OWNER. The permission means that only ticket owner can change the ticket properties. My configuration as below: [blackmagic] tweaks = severity, priority priority.permissions = TICKET_IS_OWNER severit.permissions = TICKET_IS_OWNER
I found that not ticket owner can still change priority. The permission TICKET_IS_OWNER is not working. How can I make it work?
Attachments (3)
Change History (34)
comment:1 Changed 14 years ago by
comment:2 Changed 14 years ago by
My permission policies is as below: permission_policies = BlackMagicTicketTweaks, DefaultPermissionPolicy,VirtualTicketPermissionsPolicy
VirtualTicketPermissionsPolicy permission can work.
comment:3 Changed 14 years ago by
Try setting it to the following
permission_policies = VirtualTicketPermissionsPolicy, BlackMagicTicketTweaks, DefaultPermissionPolicy
Let me know if it makes a difference, remember to restart trac after you change it.
comment:4 Changed 14 years ago by
Now severity, priority do not allow to change whatever it is ticket owner or not. Even new ticket severity and priority do not allow to input value.
comment:6 Changed 14 years ago by
| Resolution: | → worksforme |
|---|---|
| Status: | assigned → closed |
Hi
I just tested and noticed you typo'd in your trac.ini you said you have
[blackmagic] tweaks = severity, priority priority.permissions = TICKET_IS_OWNER severit.permissions = TICKET_IS_OWNER
It should be
[blackmagic] tweaks = severity, priority priority.permission = TICKET_IS_OWNER severity.permission = TICKET_IS_OWNER
(No s on permission and you missed a y of severity).
That configuration works for me.
comment:7 Changed 14 years ago by
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
I corrected trac.ini as below: [blackmagic] tweaks = priority,component component.hide = true priority.permission = TICKET_IS_OWNER
accept = new,assigned,accepted,reopened -> accepted accept.operations = set_owner_to_self accept.permissions = TICKET_IS_OWNER
component can be hidden. But priority still does not work. I found that:
- If authenticated user has no permission TICKET_IS_OWNER he can not change priority.
- If authenticated user has permission TICKET_IS_OWNER he can change priority forwever.
That meanse priority.permission = TICKET_IS_OWNER does not work. Especially I can not understand why authenticated user can not change new ticket priority if no permission TICKET_IS_OWNER.
comment:8 Changed 14 years ago by
| Resolution: | → worksforme |
|---|---|
| Status: | reopened → closed |
You state that if they don't have TICKET_IS_OWNER and are authenticated then they cannot change the owner, if they do have TICKET_IS_OWNER they can change priority.
That means the priority.permission = TICKET_IS_OWNER is working how it should be. If they do not have the TICKET_IS_OWNER permission i.e. it's a new ticket (new tickets have no owner), or it is not assigned to them they cannot change the priority.
The *.permission option is the permissions the user must have to change the property.
comment:9 Changed 14 years ago by
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
As for VirtualTicketPermissionsPolicy plugin the login user will get permission TICKET_IS_OWNER automatically if he is the ticket owner. So we can not do not permitted action. But for *.permission option have no such function. That's why ticket owner can not change allowed to change property 'priority'.
comment:10 Changed 14 years ago by
| Resolution: | → worksforme |
|---|---|
| Status: | reopened → closed |
You're confusing me, your settings have it so if they have the TICKET_IS_OWNER permission they can edit priority, and you state that they can edit priority if they are the owner, so there is no problem here that is how it is meant to work.
comment:11 Changed 14 years ago by
I got your meaning. The annoyed problem is that only ticket owner can change properties. Authenticated user can not change created ticket properties if they are not ticket owner. Does BlackMagic plugin have no such function to adjudge if user is the created ticket owner?
comment:12 Changed 14 years ago by
The *.permission is allowed to be a comma separated list so if you wanted the creator and the owner to edit it you could use the virtual ticket permissions plugin to set
priority.permission = TICKET_IS_OWNER, TICKET_IS_REPORTER
That would allow the creator and owner to edit the ticket.
priority.permission = TICKET_IS_OWNER, TICKET_IS_REPORTER, TICKET_MODIFY
would allow the owner, report and anyone with the TICKET_MODIFY permission to edit it.
Does that solve your problem?
comment:13 Changed 14 years ago by
priority.permission = TICKET_IS_OWNER, TICKET_MODIFY Can not solve this problem. Because TICKET_IS_OWNER is assigned dynamically based on current login user own ticket. And most of authenticated users have TICKET_MODIFY. So BlackMagic plugin can not recognize who have true permission to change properties. The solved method is that BlackMagic plugin can judge whether login user is ticket owner when viewing ticket. If true the user will get TICKET_IS_OWNER permission dynamically.
comment:14 Changed 14 years ago by
The plugin does detect if they have TICKET_IS_OWNER, we've proved this by your earlier statement that authenticated users that own tickets can modify permissions. Are you now saying that you have tried priority.permission = TICKET_IS_OWNER, TICKET_MODIFY and that doesn't work? That would suggest the plugin isn't detecting multiple permissions correctly, let me know if this is the case.
comment:15 Changed 14 years ago by
Authenticated users must be assigned TICKET_IS_OWNER manually. The plugin can not detect the permission TICKET_IS_OWNER dynamically. That means authenticated users that own tickets can not change properties if they are not granted TICKET_IS_OWNER manually.
comment:16 Changed 14 years ago by
By dynamically I assume you mean automatically. TICKET_IS_OWNER is assigned by the VirtualTicketPermissionsPlugin if the owner field is set to the user, the BlackMagicTicketTweaksPlugin then detects this from the VirtualTicketPermissionsPlugin and allows editing of fields. This works I have tested it, if it doesn't work for you then you need to change your configuration settings, or you are just not understanding how the plugins work.
Changed 14 years ago by
| Attachment: | ownTicket.doc added |
|---|
Changed 14 years ago by
| Attachment: | notOwnTicket.doc added |
|---|
comment:17 Changed 14 years ago by
Please see attachmented files. Same user that own ticket has more action than not own ticket. These pic can prove that VirtualTicketPermissionPlugin works. But prioprity can not be changed whatever user is ticket owner or not. That proves BlackMagicTicketTweaksPlugin permission does not work. And system property is hidden. Below is blackmagic in trac.ini config: [blackmagic] tweaks = priority,system system.hide = true priority.permission = TICKET_IS_OWNER
comment:18 Changed 14 years ago by
That's very strange, for me it works.
Can you set your permission_policies to the following
[trac] permission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy,VirtualTicketPermissionsPolicy,BlackMagicTicketTweaks
If that doesn't work let me know what version of trac you are using and I will test again.
comment:19 Changed 14 years ago by
There is no any changes. Trac version info is as below: Trac: 0.11.6 Python: 2.4.3 (#1, Jan 21 2009, 01:10:13) [GCC 4.1.2 20071124 (Red Hat 4.1.2-42)] setuptools: 0.6c9 SQLite: 3.3.6 pysqlite: 1.1.7 Genshi: 0.5.1 mod_python: 3.2.8 jQuery: 1.2.6
comment:20 Changed 14 years ago by
I think TICKET_IS_OWNER is not truely assigned by the VirtualTicketPermissionsPlugin if the owner field is set to the user. It is virtually assigned permission. So BlackMagicTicketTweaksPlugin can not detect TICKET_IS_OWNER permission. But I assigned TICKET_IS_OWNER manually BlackMagicTicketTweaksPlugin can detect it and works fine.
comment:21 Changed 14 years ago by
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
Try using the patched egg file I just attached, replace the current one in your <environment>/plugins directory. I tested and it works on 0.11.6 (for some reason the problem doesn't occur on 0.11.7-dev)
comment:23 Changed 14 years ago by
scroll up to the very top of this ticket
BlackMagicTicketTweaks-0.1-py2.6.egg (23.2 kB) - added by obs on 02/10/10 03:51:24. Patched egg
comment:24 Changed 14 years ago by
I copied BlackMagicTicketTweaks-0.1-py2.6.egg to the plugins directory. Admin panel-> plugins menu does not display the plugin. That means the BlackMagicTicketTweaks-0.1-py2.6.egg can not be detected.
comment:26 Changed 14 years ago by
I changed name BlackMagicTicketTweaks?-0.1-py2.6.egg into BlackMagicTicketTweaks?-0.1-py2.4.egg. Now the plugin can be detected. This time I found that my blackmagic permission setting is really working. For view ticket priority can be controlled by ticket owner. But for new ticket: the priority property is always forbidden to be changed. If this problem can be fixed then all works fine.
comment:27 Changed 14 years ago by
For new tickets there is no TICKET_IS_OWNER permission so I can't do anything about that. I could change the plugin to allow different settings for new tickets but that will take a while.
comment:28 Changed 14 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
comment:29 Changed 14 years ago by
Should this be extended to ticket_types checks?
Although I can't think of a practical reason why ticket_types should be limited based on any of the virtual permissions.
Would it be useful to only set to type:blah if you're the owner, or something *shrug* (I'm thinking the default type would be unknown, and only owners can categorize tickets)
comment:30 Changed 14 years ago by
| Cc: | Norman Rasmussen added; anonymous removed |
|---|
comment:31 Changed 14 years ago by
I suppose it could be useful, it would restrict tickets you can view in reports to only those you're TICKET_IS_OWNER to, to prevent user's changing the type unless they're owner you can just put
type.permission = TICKET_IS_OWNER
I'll probably implement what you suggest on the next release since it will clean up some code in the plugin anyway.
Did you enable both the BlackMagicTicketTweaks and VirtualTicketPermissions permission policies in trac.ini?