source: timingandestimationplugin/branches/trac0.11-Permissions/timingandestimationplugin/ticket_policy.py

Last change on this file was 12035, checked in by Russ Tyndall, 11 years ago

prevent unicode error fix #10141

File size: 2.6 KB
Line 
1from trac.core import *
2from trac.perm import PermissionCache, IPermissionRequestor, IPermissionGroupProvider, IPermissionPolicy, PermissionSystem
3from trac.ticket.model import Ticket
4from trac.config import IntOption, ListOption
5from trac.util.compat import set
6
7class InternalTicketsPolicy(Component):
8    """Hide internal tickets."""
9    implements(IPermissionPolicy)
10    group_providers = ExtensionPoint(IPermissionGroupProvider)
11
12    # IPermissionPolicy(Interface)
13    def check_permission(self, action, username, resource, perm):
14        self.log.debug("Internal: action:%s, user:%s, resource:%s, perm: %s" %
15                       ( action, username, resource, perm))
16        self.username = username
17        # Look up the resource parentage for a ticket.
18        while resource:
19            if resource.realm == 'ticket':
20                break
21            resource = resource.parent
22        if resource and resource.realm == 'ticket' and resource.id is not None:
23            rtn = self.check_ticket_access(perm, resource, username)
24            self.log.debug("Internal: RESULTS for %s: %s" % (action,rtn))
25            return rtn
26        return None
27
28    # Internal methods   
29    def _get_groups(self, user):
30        # Get initial subjects
31        groups = set([user])
32        for provider in self.group_providers:
33            for group in provider.get_permission_groups(user):
34                groups.add(group)
35       
36        perms = PermissionSystem(self.env).get_all_permissions()
37        repeat = True
38        while repeat:
39            repeat = False
40            for subject, action in perms:
41                if subject in groups and action.islower() and action not in groups:
42                    groups.add(action)
43                    repeat = True 
44       
45        return groups   
46
47    # Public methods
48    def check_ticket_access(self, perm, res, user):
49        """Return if this req is permitted access to the given ticket ID."""
50        try:
51            tkt = Ticket(self.env, res.id)
52        except Exception, e:
53            self.log.warning("Internal: TandE ticket_policy failed to find a ticket for %s : error: %s" %  (res, unicode(e)))
54            return None # Ticket doesn't exist / ticket id was invalid
55        private_tkt = tkt['internal'] == '1'
56
57        if private_tkt:
58            # cant just check or we get in an infinite call loop
59            perm = PermissionCache(self.env, self.username, None, perm._cache)
60            groups = self._get_groups(user)
61            perm_or_group = self.config.get('ticket', 'internalgroup', 'TIME_ADMIN' )
62            return perm_or_group in groups or perm.has_permission(perm_or_group)
63        return None
Note: See TracBrowser for help on using the repository browser.