Notes
=====
Allow users to only see tickets they are associated with.

There are three main permissions for this plugin: ``TICKET_VIEW_REPORTER``,
``TICKET_VIEW_CC``, and ``TICKET_VIEW_OWNER``. ``TICKET_VIEW_SELF`` is an
alias for all three of these.

With each permission, users will only be able to see tickets where they are
the person mentioned in the permission. So if a user has
``TICKET_VIEW_REPORTER``, they can only see tickets they reported. For
``TICKET_VIEW_CC``, they just have to be included in the CC list.

There are also group-based permissions: ``TICKET_VIEW_REPORTER_GROUP``,
``TICKET_VIEW_CC_GROUP``, and ``TICKET_VIEW_OWNER_GROUP``. These work in a
similar way to their non-group counterparts, except that you are granted
access if you share a group with the target user. For example, if ticket 1 was
reported by Allan, and Allan and Bob are both in the group company_foo, and
Bob has ``TICKET_VIEW_REPORTER_GROUP``, then Bob will be able to see ticket 1
since he shares a group with the reporter. Each group-based permission is also
an alias for the normal one, so you do not have to grant both.
``TICKET_VIEW_GROUP`` is an alias for all the group-based permissions (and
therefore all the normal ones as well).

These extra permissions can only deny access, not allow it. This means the
user must still have ``TICKET_VIEW`` granted as normal.

Finally, users with ``TRAC_ADMIN`` will not be restricted by this plugin.
The meta-user "anonymous" also cannot be restricted by this plugin, as there
is no known identity to check. Be sure not to grant ``TICKET_VIEW`` to
anonymous, or unauthenticated users will be able to see all tickets.

Configuration
=============
All configuration options go in the ``[privatetickets]`` section.

``group_blacklist``
    Groups to ignore for the purposes of the ``*_GROUP`` permissions.

    Defaults to "``anonymous, authenticated``"

You must also add ``PrivateTicketsPolicy`` to your ``permission_policies``
setting in trac.ini. It must be before the ``DefaultPermissionPolicy``. See
below for an example if you don't have any other policies.

Example
=======
An example configuration::

    [privatetickets]
    group_blacklist = anonymous, authenticated, labusers

    [components]
    privatetickets.* = enabled

    [trac]
    permission_policies = PrivateTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
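
The access rules from the Notes section and the effect of ``group_blacklist``, modelled as an added Python example (not the plugin's own code). The function names, data shapes and sample users are constructed for illustration, and it assumes that a user holding none of the extra permissions is left unrestricted, which the README does not state.

```python
# Added model of the README's rules; not the plugin's source code.
DEFAULT_BLACKLIST = frozenset({"anonymous", "authenticated"})
ROLES = ("REPORTER", "CC", "OWNER")

def expand(perms):
    """Expand the aliases the README describes."""
    out = set(perms)
    if "TICKET_VIEW_GROUP" in out:
        out |= {f"TICKET_VIEW_{r}_GROUP" for r in ROLES}
    if "TICKET_VIEW_SELF" in out:
        out |= {f"TICKET_VIEW_{r}" for r in ROLES}
    # Each group-based permission also implies its normal counterpart.
    out |= {f"TICKET_VIEW_{r}" for r in ROLES if f"TICKET_VIEW_{r}_GROUP" in out}
    return out

def can_view(user, perms, ticket, groups, blacklist=DEFAULT_BLACKLIST):
    """True if `user` may view `ticket`; groups maps username -> set of groups."""
    perms = expand(perms)
    if "TRAC_ADMIN" in perms:
        return True   # admins are never restricted
    if "TICKET_VIEW" not in perms:
        return False  # extra permissions only deny, never allow
    if user == "anonymous":
        return True   # anonymous cannot be restricted
    people = {"REPORTER": {ticket["reporter"]}, "OWNER": {ticket["owner"]},
              "CC": set(ticket["cc"])}
    mine = set(groups.get(user, ())) - set(blacklist)
    restricted = False
    for role in ROLES:
        if f"TICKET_VIEW_{role}" not in perms:
            continue
        restricted = True
        if user in people[role]:
            return True
        if f"TICKET_VIEW_{role}_GROUP" in perms and any(
                mine & set(groups.get(p, ())) for p in people[role]):
            return True
    # Assumption: a user with none of the extra permissions is not restricted.
    return not restricted

# Constructed sample data, following the Allan/Bob example above.
GROUPS = {"allan": {"company_foo", "authenticated"},
          "bob": {"company_foo", "authenticated"},
          "carol": {"authenticated"}}
TICKET_1 = {"reporter": "allan", "owner": "dave", "cc": []}

if __name__ == "__main__":
    grant = {"TICKET_VIEW", "TICKET_VIEW_REPORTER_GROUP"}
    for who in ("bob", "carol"):
        print(who, can_view(who, grant, TICKET_1, GROUPS))
```

With the default blacklist, carol is denied because the only group she shares with the reporter is ``authenticated``; leaving that group out of ``group_blacklist`` would let every logged-in user pass the ``*_GROUP`` checks.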