Modify

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#11826 closed enhancement (fixed)

Add support for specific permission to manage custom fields

Reported by: ahamelin Owned by: Ryan J Ollos
Priority: normal Component: CustomFieldAdminPlugin
Severity: normal Keywords:
Cc: Trac Release:

Description

I would find it useful to be able to use a distinct permission to manage custom ticket fields, like some other popular plugins do.

The issue I see right now is that managing custom fields require the full TICKET_ADMIN permission. This approach has a couple of downsides, such as permitting a user to change the owner of a ticket, etc. which is not necessarily bound to managing ticket fields, and gives more power to certain group of users than it is minimally necessary.

A minimal implementation could only include CUSTOM_FIELDS_ADMIN which would grant access to the Admin > Custom Fields admin panel. I would expect TICKET_ADMIN to still give access to the custom fields admin panel.

Attachments (0)

Change History (3)

comment:1 Changed 3 years ago by Ryan J Ollos

This is generally handled in Trac using TracFineGrainedPermissions. This is a very powerful feature that also help prevent the bloat of very specific permissions which may only apply to a narrow subset of users. Many TracFineGrainedPermissions policy issues in the admin realm have been fixed in Trac 1.0.2dev: trac:#11069.

I tested a permissions policy with Trac 1.0.1 and the latest CustomFieldAdminPlugin. The following patch is needed (which is very similar to the changes in trac:#11069):

  • customfieldadminplugin/0.11/customfieldadmin/admin.py

    diff --git a/customfieldadminplugin/0.11/customfieldadmin/admin.py b/customfield
    index 94e89d1..2fdc79c 100644
    a b class CustomFieldAdminPage(Component): 
    3030    # IAdminPanelProvider methods
    3131   
    3232    def get_admin_panels(self, req):
    33         if 'TICKET_ADMIN' in req.perm:
     33        if 'TICKET_ADMIN' in req.perm('admin', 'ticket/customfields'):
    3434            yield ('ticket', _("Ticket System"),
    3535                   'customfields', _("Custom Fields"))
    3636
    3737    def render_admin_panel(self, req, cat, page, customfield):
    38         req.perm.require('TICKET_ADMIN')
     38        req.perm('admin', 'ticket/customfields').require('TICKET_ADMIN')
    3939       
    4040        add_script(req, 'customfieldadmin/js/customfieldadmin.js')

osimons, would you kindly review?

After the patch is applied, the following policy would allow all users to access the Custom Fields page. This is probably not what you want, and is just meant as an example to get you started. See the TracFineGrainedPermissions for more details.

[admin:ticket/customfields]
* = TICKET_ADMIN

comment:2 Changed 3 years ago by Ryan J Ollos

Resolution: fixed
Status: newclosed

In 14259:

0.2.9: Support fine-grained permission checks on the Custom Field admin pages. Fixes #11826.

comment:3 Changed 3 years ago by Ryan J Ollos

Owner: changed from Odd Simon Simonsen to Ryan J Ollos

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Ryan J Ollos.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.