Context Navigation

Modify ↓

#1902 closed enhancement (fixed)

[patch] Allow more granular permissions

Reported by:	Tristan Rivoallan	Owned by:	Steffen Hoffmann
Priority:	normal	Component:	AccountManagerPlugin
Severity:	normal	Keywords:	permission separation admin web_ui
Cc:	Adhidarma Hadiwinoto	Trac Release:	0.10

Description

I often need two distinct persons to manage users and password stores. So here's a patch that adds 2 new permissions to make this behavior possible.

TRAC_ADMIN permission grants access to both admin screens.
ACCOUNTMANAGER_USERS grants access to the "Users" screen
ACCOUNTMANAGER_CONFIG grants access to the "Configuration" screen

Attachments (1)

trac-accountmanager-1902-granularperms.patch (1.5 KB) - added by Tristan Rivoallan 17 years ago.

Download all attachments as: .zip

Change History (6)

Changed 17 years ago by Tristan Rivoallan

Attachment:	trac-accountmanager-1902-granularperms.patch added

comment:1 Changed 17 years ago by Tristan Rivoallan

Summary:	More granular permissions → [PATCH] More granular permissions

comment:2 Changed 17 years ago by Adhidarma Hadiwinoto

Cc:	Adhidarma Hadiwinoto added; anonymous removed

It doesn't seem to work on my installation. My trac installation is using CentOS/RedHat 5 RPM trac-0.10.4-1.el5.noarch.rpm, and my TracAccountManager is TracAccountManager-0.1.3dev_r2548-py2.4.egg

The patch file is broken and I must patch the file manually. But when I'm going to grant permission to a user as ACCOUNTMANAGER_USER, it will result an error page:

Internal Error ACCOUNTMANAGER_USERS is not a valid action.

comment:3 follow-up: 4 Changed 14 years ago by Sergio Talens-Oliag

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

comment:4 in reply to: 3 Changed 14 years ago by Steffen Hoffmann

Keywords:	permission separation admin web_ui added
Owner:	changed from Matt Good to Steffen Hoffmann
Status:	new → assigned
Summary:	[PATCH] More granular permissions → [patch] Allow more granular permissions

Replying to sto:

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

Great. I've already had look at this, and it seems o.

comment:5 Changed 14 years ago by Steffen Hoffmann

Resolution:	→ fixed
Status:	assigned → closed

(In [9280]) AccountManagerPlugin: Allow acctmgr administration for non-TRAC_ADMINs, closes #3726 and #7700.

With dedicated AccountManagerPlugin permissions now you could not only delegate AccountManager administration to users without granting them TRAC_ADMIN, but even differentiate access policy within these settings (closes #1902 as well):

ACCTMGR_CONFIG_ADMIN - for /config and /notification
ACCTMGR_USER_ADMIN - for /users
ACCTMGR_ADMIN - inheriting all without requiring TRAC_ADMIN

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Steffen Hoffmann.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: