Modify

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#9053 closed defect (fixed)

Support TRAC 0.12.2 ?

Reported by: anonymous Owned by: rjollos
Priority: high Component: SimpleTicketPlugin
Severity: normal Keywords:
Cc: falkb Trac Release: 0.12

Description

under TRAC 0.12.2 the SimpleTicketPlugin dosen't work. Every user have the permission, which are defined in the trac.ini (hide=....). I can not set the permission with TICKET_CREATE_SIMPLE.

What is the problem?

Attachments (0)

Change History (14)

comment:1 Changed 3 years ago by rjollos

  • Owner changed from coderanger to rjollos
  • Status changed from new to assigned

comment:2 Changed 3 years ago by falkb

  • Cc falkb added

comment:3 Changed 3 years ago by rjollos

I'm having trouble understanding the original report, but the behavior I'm seeing is that do_filter = 'TICKET_CREATE_SIMPLE' in req.perm is always true.

comment:4 follow-up: Changed 3 years ago by falkb

I think "Every user has the permission" means the filter is active for everyone, and "I can not set the permission with TICKET_CREATE_SIMPLE" means that setting TICKET_CREATE_SIMPLE for certain users has no effect.

comment:5 in reply to: ↑ 4 ; follow-up: Changed 3 years ago by rjollos

Replying to falkb:

I think "Every user has the permission" means the filter is active for everyone, and "I can not set the permission with TICKET_CREATE_SIMPLE" means that setting TICKET_CREATE_SIMPLE for certain users has no effect.

Okay, that is sort of what I was seeing as well. Would you be willing to do some testing?

The problem I described in comment:2 was due to granting TRAC_ADMIN to anonymous in my dev environment. TRAC_ADMIN seems to inherit all other permissions, so a user with TRAC_ADMIN will see the simple ticket form. I'm going to change the plugin so that TICKET_CREATE_SIMPLE will never apply to a user with the TRAC_ADMIN permission.

The plugin seems to work well with 0.12.3dev, otherwise. I'll add the 0.12 tag to the wiki page.

comment:6 Changed 3 years ago by rjollos

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [10990]) Fixes #9053: The TICKET_CREATE_SIMPLE permission is not applied to a user with TRAC_ADMIN permission.

comment:7 Changed 3 years ago by falkb

Uhm...

  File ".....\plugins\tracsimpleticket-3.0-py2.5.egg\simpleticket\web_ui.py", line 27
     and not 'TRAC_ADMIN' in req.perm
    ^
IndentationError: unexpected indent (web_ui.py, line 27)

comment:8 Changed 3 years ago by rjollos

Sorry about that. Will fix it now.

comment:9 Changed 3 years ago by rjollos

(In [10992]) Refs #9053: Fixed bad indentation in [10990].

comment:10 in reply to: ↑ 5 ; follow-up: Changed 3 years ago by falkb

Replying to rjollos:

I'm going to change the plugin so that TICKET_CREATE_SIMPLE will never apply to a user with the TRAC_ADMIN permission.

yup, [10992] has implemented this. :-)

It's a good behaviour, that if TRAC_ADMIN is set without TICKET_CREATE_SIMPLE, it should not inherit option TICKET_CREATE_SIMPLE. Though I'd rather love to see that if TICKET_CREATE_SIMPLE is set, it automatically overrules TICKET_CREATE. This way I could set someone to TRAC_ADMIN+TICKET_CREATE_SIMPLE, so all is allowed except the restricted things by this plugin. Actually TICKET_CREATE_SIMPLE is an overruler to TICKET_CREATE - if activated then use it, else use common ticket creation

The plugin seems to work well with 0.12.3dev, otherwise. I'll add the 0.12 tag to the wiki page.

0.12.2 works well also

comment:11 in reply to: ↑ 10 Changed 3 years ago by rjollos

Replying to falkb:

It's a good behaviour, that if TRAC_ADMIN is set without TICKET_CREATE_SIMPLE, it should not inherit option TICKET_CREATE_SIMPLE. Though I'd rather love to see that if TICKET_CREATE_SIMPLE is set, it automatically overrules TICKET_CREATE.

The behavior I'm seeing is that if a user has TICKET_CREATE_SIMPLE and TICKET_CREATE, the user sees the simplified ticket interface. I think the following code means that any user having TICKET_CREATE_SIMPLE will also be given the TICKET_CREATE permission:

    def get_permission_actions(self):
        yield 'TICKET_CREATE_SIMPLE', ['TICKET_CREATE']

This way I could set someone to TRAC_ADMIN+TICKET_CREATE_SIMPLE, so all is allowed except the restricted things by this plugin.

Unless we make it so that a user with TICKET_CREATE does not see the simple ticket form even when they also have TICKET_CREATE_SIMPLE, I don't see how this will be possible. However, I'm not sure it is possible to grant TICKET_CREATE_SIMPLE without also granting TICKET_CREATE because of the way that a user with TICKET_CREATE_SIMPLE is granted TICKET_CREATE, according to the snipet I showed above. I experimented with trying to do this, but no success.

Actually TICKET_CREATE_SIMPLE is an overruler to TICKET_CREATE - if activated then use it, else use common ticket creation

Okay, yeah that is the behavior I'm seeing.

comment:12 follow-up: Changed 3 years ago by falkb

Well, it's a bit tricky to understand. But it looks like the actual problem is that you can't subtract permissions but only add. I gave some people TRAC_ADMIN for full responsibility though they aren't interested in some ticket fields (like 'billable'). I thought I could additionally give them TICKET_CREATE_SIMPLE and define what is visible in such case.

comment:13 in reply to: ↑ 12 ; follow-up: Changed 3 years ago by rjollos

Replying to falkb:

Well, it's a bit tricky to understand. But it looks like the actual problem is that you can't subtract permissions but only add. I gave some people TRAC_ADMIN for full responsibility though they aren't interested in some ticket fields (like 'billable'). I thought I could additionally give them TICKET_CREATE_SIMPLE and define what is visible in such case.

BlackMagicTicketTweaks might do what you want. I haven't used it though.

comment:14 in reply to: ↑ 13 Changed 3 years ago by falkb

Replying to rjollos:

BlackMagicTicketTweaks might do what you want. I haven't used it though.

Thanks, rjollos. By plugin setting ondenial , BlackMagicTicketTweaksPlugin allows to hide or disable ticket fields depending on if permissions are missing. But TRAC_ADMIN has all permissions, that's why ondenial doesn't help either for my desired permission case, which should logically means "TRAC_ADMIN but restricted view on ticket fields". Well, I think that's another story and doesn't further belong to this ticket.

Add Comment

Modify Ticket

Action
as closed The owner will remain rjollos.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.