Modify

Opened 6 years ago

Closed 6 years ago

#13285 closed enhancement (duplicate)

Restrict creation of new accreditations using a new registered ACCREDITATION_CREATE permission

Reported by: Richard Lyders Owned by: Cauly
Priority: normal Component: AccreditationPlugin
Severity: normal Keywords:
Cc: Trac Release: 1.2

Description

I've updated the attached Accreditation.py as follows:

  1. implement IPermissionRequestor and register new trac permission: ACCREDITATION_CREATE
  2. ensure that only users granted ACCREDITATION_CREATE can create approvals via the /accreditation/new request path
  3. only show the create-approval form for users granted ACCREDITATION_CREATE
  4. ensure that only the specific author assigned to an approval record can change the approval via the /accreditation/comment request path.

Attachments (1)

Accreditation.py (11.6 KB) - added by Richard Lyders 6 years ago.
Registered new ACCREDITATION_CREATE permission to control who can create new accreditation records

Download all attachments as: .zip

Change History (3)

Changed 6 years ago by Richard Lyders

Attachment: Accreditation.py added

Registered new ACCREDITATION_CREATE permission to control who can create new accreditation records

comment:1 Changed 6 years ago by Richard Lyders

PS: In our environment, anonymous users have access to read-only, but the lack of permissions checking on the creation of accreditations meant that anonymous users could create accreditation records. This enhancement solves that problem by leveraging a new permission ACCREDITATION_CREATE to control who can create new accreditation records.

comment:2 Changed 6 years ago by Richard Lyders

Resolution: duplicate
Status: newclosed

This enhancement can be closed as a duplicate of enhancement #13289 considering I've attached a complete unified patch to #13289 with this and all other changes I've implemented.

Complete patch attached with all changes to date ... (the attachment description erroneously calls it a "complete path".

Thanks again for this plugin. We are getting some good use out of it.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Cauly.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.