Changes between Version 23 and Version 24 of SensitiveTicketsPlugin


Ignore:
Timestamp:
Mar 12, 2015, 9:15:32 AM (9 years ago)
Author:
figaro
Comment:

Cosmetic changes, tagged with license

Legend:

Unmodified
Added
Removed
Modified

  • SensitiveTicketsPlugin

    v23 v24  
    11[[PageOutline(2-5,Contents,pullout)]]
    2 = !SensitiveTickets =
    32
    4 Hide sensitive tickets with a checkbox.
     3= Hide sensitive tickets with a checkbox
    54
    6 == Description ==
     5== Description
    76
    87[SensitiveTicketsPlugin SensitiveTickets] is a plugin that lets users mark tickets as "sensitive" with a checkbox on the ticket form.  Sensitive tickets are viewable only to those with the `SENSITIVE_VIEW` permission.
    98
    10 ''Beware:'' Hooks that send mail on ticket changes will still send mail for sensitive tickets; this may not be what you want.
     9'''Beware''':
     10 * Hooks that send mail on ticket changes will still send mail for sensitive tickets; this may not be what you want.
     11 * In versions of Trac prior to 1.0.2, if the plugin is removed, disabled, or fails to load, Trac will display sensitive tickets ([ticket:5784 "failing open" instead of "failing closed"]).
    1112
    12 ''Beware:'' In versions of Trac prior to 1.0.2, if the plugin is removed, disabled, or fails to load, Trac will display sensitive tickets ([ticket:5784 "failing open" instead of "failing closed"]).
    13 
    14 This plugin is supported on trac 0.11.6 or higher.
    15 
    16 === Examples ===
    17 
    18 A user submits a security related ticket to a project's Trac, which is generally open to the public.  They mark it as "Sensitive" so that only people in the internal team that deal with security issues can see the ticket.
    19 
    20 A team uses Trac to handle its business development tasks, but wants to leave the record open for all.  Some tasks, however--say, dealing with difficult clients--are sensitive.  Those tickets are marked as sensitive and hidden to others but viewable by the business development team.
    21 
    22 === History/Related ===
     13This plugin is supported on Trac 0.11.6 or higher.
    2314
    2415The plugin is based on the example [http://svn.edgewall.com/repos/trac/trunk/sample-plugins/permissions/vulnerability_tickets.py  vulnerability_tickets.py] but uses a checkbox instead of text in the summary or keywords to mark a ticket as sensitive.
     
    2617See also: PrivateTicketsPlugin.
    2718
    28 == Configuration ==
    29 
    30 Once this plugin is enabled, you'll have to insert it at the appropriate
    31 place in your list of permission policies, e.g.
    32 {{{
    33 [trac]
    34 permission_policies = SensitiveTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
    35 }}}
    36 
    37 Users with SENSITIVE_VIEW privileges will be able to see and act on tickets marked sensitive, as will any user configured to be able to bypass the sensitive marker (e.g. if the user is the ticket owner or reporter, or is in the CC field, and the associated flags are set in `[sensitivetickets]` section of `trac.ini`.
    38 
    39 This plugin also adds the SENSITIVE_ACTIVITY_VIEW permission,
    40 which is narrower in scope than SENSITIVE_VIEW.  Accounts with
    41 SENSITIVE_ACTIVITY_VIEW will be able to see activity on sensitive
    42 material in the timeline, but will only be able to identify it by
    43 ticket number, comment number, and timestamp.  All other content
    44 will be redacted.
    45    
    46 SENSITIVE_ACTIVITY_VIEW can be useful (for example) for
    47 providing a notification daemon the ability to tell that some
    48 activity happened without leaking the content of that activity.
    49 
    50 
    51 Needs an environment upgrade (or just adding the appropriate stanza to `[ticket-custom]` in `trac.ini` after enabling.
    52 
    53 == Bugs/Feature Requests ==
     19== Bugs/Feature Requests
    5420
    5521Existing bugs and feature requests for SensitiveTicketsPlugin are
     
    5925[http://trac-hacks.org/newticket?component=SensitiveTicketsPlugin&owner=dkgdkg new ticket].
    6026
    61 == Source & Download ==
     27[[TicketQuery(component=SensitiveTicketsPlugin&group=type,format=progress)]]
     28
     29== Source & Download
    6230
    6331You can check out SensitiveTicketsPlugin from [http://trac-hacks.org/svn/sensitiveticketsplugin here] using Subversion, or [source:sensitiveticketsplugin browse the source] with Trac.
     
    6533Download the zipped source from [download:sensitiveticketsplugin here].
    6634
    67 == Recent Changes ==
     35== Configuration
     36
     37Once this plugin is enabled, you'll have to insert it at the appropriate place in your list of permission policies:
     38{{{
     39[trac]
     40permission_policies = SensitiveTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
     41}}}
     42
     43Users with `SENSITIVE_VIEW` privileges will be able to see and act on tickets marked sensitive, as will any user configured to be able to bypass the sensitive marker. For example, his happens in the case the user is the ticket owner or reporter or is in the CC field, and the associated flags are set in `[sensitivetickets]` section of `trac.ini`.
     44
     45This plugin also adds the `SENSITIVE_ACTIVITY_VIEW` permission, which is narrower in scope than `SENSITIVE_VIEW`. Accounts with `SENSITIVE_ACTIVITY_VIEW` will be able to see activity on sensitive material in the timeline, but will only be able to identify it by ticket number, comment number and timestamp. All other content will be redacted.
     46   
     47SENSITIVE_ACTIVITY_VIEW can be useful (for example) for providing a notification daemon the ability to tell that some activity happened without leaking the content of that activity.
     48
     49Needs an environment upgrade or just adding the appropriate stanza to `[ticket-custom]` in `trac.ini` after enabling.
     50
     51=== Examples
     52
     53A user submits a security related ticket to a project's Trac, which is generally open to the public. They mark it as "Sensitive" so that only people in the internal team that deal with security issues can see the ticket.
     54
     55A team uses Trac to handle its business development tasks, but wants to leave the record open for all. Some tasks, however, say, dealing with difficult clients, are sensitive. Those tickets are marked as sensitive and hidden to others, but viewable by the business development team.
     56
     57== Recent Changes
    6858
    6959[[ChangeLog(sensitiveticketsplugin, 3)]]
    7060
    71 == Author/Contributors ==
     61== Author/Contributors
    7262
    7363'''Authors:''' [wiki:sbenthall], [wiki:dkgdkg] [[BR]]
    74 '''Maintainer:''' [wiki:dkgdkg] [[BR]]
     64'''Maintainer:''' [[Maintainer]] [[BR]]
    7565'''Contributors:''' [wiki:k0s], [wiki:obs] [[BR]]