Modify

Opened 10 years ago

Closed 7 years ago

Last modified 3 years ago

#1902 closed enhancement (fixed)

[patch] Allow more granular permissions

Reported by: Tristan Rivoallan Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: permission separation admin web_ui
Cc: Adhidarma Hadiwinoto Trac Release: 0.10

Description

I often need two distinct persons to manage users and password stores. So here's a patch that adds 2 new permissions to make this behavior possible.

  • TRAC_ADMIN permission grants access to both admin screens.
  • ACCOUNTMANAGER_USERS grants access to the "Users" screen
  • ACCOUNTMANAGER_CONFIG grants access to the "Configuration" screen

Attachments (1)

trac-accountmanager-1902-granularperms.patch (1.5 KB) - added by Tristan Rivoallan 10 years ago.

Download all attachments as: .zip

Change History (6)

Changed 10 years ago by Tristan Rivoallan

comment:1 Changed 10 years ago by Tristan Rivoallan

Summary: More granular permissions[PATCH] More granular permissions

comment:2 Changed 10 years ago by Adhidarma Hadiwinoto

Cc: Adhidarma Hadiwinoto added; anonymous removed

It doesn't seem to work on my installation. My trac installation is using CentOS/RedHat 5 RPM trac-0.10.4-1.el5.noarch.rpm, and my TracAccountManager is TracAccountManager-0.1.3dev_r2548-py2.4.egg

The patch file is broken and I must patch the file manually. But when I'm going to grant permission to a user as ACCOUNTMANAGER_USER, it will result an error page:

Internal Error ACCOUNTMANAGER_USERS is not a valid action.

comment:3 Changed 7 years ago by Sergio Talens-Oliag

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

comment:4 in reply to:  3 Changed 7 years ago by Steffen Hoffmann

Keywords: permission separation admin web_ui added
Owner: changed from Matt Good to Steffen Hoffmann
Status: newassigned
Summary: [PATCH] More granular permissions[patch] Allow more granular permissions

Replying to sto:

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

Great. I've already had look at this, and it seems o.

comment:5 Changed 7 years ago by Steffen Hoffmann

Resolution: fixed
Status: assignedclosed

(In [9280]) AccountManagerPlugin: Allow acctmgr administration for non-TRAC_ADMINs, closes #3726 and #7700.

With dedicated AccountManagerPlugin permissions now you could not only delegate AccountManager administration to users without granting them TRAC_ADMIN, but even differentiate access policy within these settings (closes #1902 as well):

  • ACCTMGR_CONFIG_ADMIN - for /config and /notification
  • ACCTMGR_USER_ADMIN - for /users
  • ACCTMGR_ADMIN - inheriting all without requiring TRAC_ADMIN

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.