| [4293] | 1 | from trac.core import * |
| 2 | from trac.perm import PermissionCache, IPermissionRequestor, IPermissionGroupProvider, IPermissionPolicy, PermissionSystem |
| 3 | from trac.ticket.model import Ticket |
| 4 | from trac.config import IntOption, ListOption |
| 5 | from trac.util.compat import set |
| 6 | |
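class InternalTicketsPolicy(Component):
    """Permission policy that restricts access to tickets flagged internal.

    A ticket is treated as internal when its ``internal`` field equals
    ``'1'``. For those tickets the policy returns an explicit decision; in
    every other case it returns ``None`` so the decision is left to the
    remaining permission policies.
    """
    implements(IPermissionPolicy)
    group_providers = ExtensionPoint(IPermissionGroupProvider)

    # IPermissionPolicy(Interface)
    def check_permission(self, action, username, resource, perm):
        """Decide `action` for `username` when `resource` is under a ticket.

        Walks up the resource parents until a ``ticket`` realm is found.
        Returns the result of `check_ticket_access` for a ticket with a
        concrete id, and ``None`` (no opinion) otherwise.
        """
        self.log.debug("Internal: action:%s, user:%s, resource:%s, perm: %s",
                       action, username, resource, perm)
        # Trac shares one component instance per environment across requests,
        # so this attribute can be overwritten by a concurrent check. It is
        # kept only in case something outside this file reads it; the access
        # decision below no longer depends on it.
        self.username = username
        # Look up the resource parentage for a ticket.
        while resource:
            if resource.realm == 'ticket':
                break
            resource = resource.parent
        if resource and resource.realm == 'ticket' and resource.id is not None:
            rtn = self.check_ticket_access(perm, resource, username)
            self.log.debug("Internal: RESULTS for %s: %s", action, rtn)
            return rtn
        return None

    # Internal methods
    def _get_groups(self, user):
        """Return the set holding `user` and every group it belongs to.

        Starts from the user name plus the groups reported by each group
        provider, then repeatedly adds lower-case entries of the permission
        table whose subject is already in the set, until nothing new is
        added (nested group membership).
        """
        # Get initial subjects
        groups = set([user])
        for provider in self.group_providers:
            groups.update(provider.get_permission_groups(user))

        perms = PermissionSystem(self.env).get_all_permissions()
        repeat = True
        while repeat:
            repeat = False
            for subject, action in perms:
                # Lower-case "actions" are treated as group names here.
                if subject in groups and action.islower() and action not in groups:
                    groups.add(action)
                    repeat = True

        return groups

    # Public methods
    def check_ticket_access(self, perm, res, user):
        """Return the access decision for `user` on the ticket `res`.

        Returns ``None`` when the ticket cannot be loaded or is not internal.
        For an internal ticket, returns a true value when `user` is in, or
        holds, the configured ``[ticket] internalgroup`` (default
        ``TIME_ADMIN``), and ``False`` otherwise.
        """
        try:
            tkt = Ticket(self.env, res.id)
        except Exception, e:
            # NOTE(review): every failure, not only "no such ticket", ends in
            # "no opinion", so an internal ticket that fails to load for any
            # other reason is decided by the remaining policies. Consider
            # denying on errors other than a missing ticket.
            self.log.warning("Internal: TandE ticket_policy failed to find a ticket for %s : error: %s" % (res, unicode(e)))
            return None  # Ticket doesn't exist / ticket id was invalid
        if tkt['internal'] != '1':
            return None

        # The permission lookup uses a cache with no resource, so it does not
        # come back into the ticket branch of this policy (infinite call loop).
        # It is built for the `user` argument rather than self.username: the
        # component instance is shared, so self.username may already belong to
        # another request, or be unset when this method is called directly.
        perm = PermissionCache(self.env, user, None, perm._cache)
        groups = self._get_groups(user)
        perm_or_group = self.config.get('ticket', 'internalgroup', 'TIME_ADMIN')
        # NOTE(review): the requested action is not looked at. A true result
        # from a policy ends Trac's policy evaluation, so members of the
        # internal group are allowed any action on an internal ticket. Confirm
        # that this is intended; returning None instead of True would leave
        # the action itself to the remaining policies.
        return perm_or_group in groups or perm.has_permission(perm_or_group)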