Modify

Opened 10 years ago

Closed 7 years ago

Last modified 3 years ago

#1902 closed enhancement (fixed)

[patch] Allow more granular permissions

Reported by: Tristan Rivoallan Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: permission separation admin web_ui
Cc: Adhidarma Hadiwinoto Trac Release: 0.10

Description

I often need two distinct persons to manage users and password stores. So here's a patch that adds 2 new permissions to make this behavior possible.

  • TRAC_ADMIN permission grants access to both admin screens.
  • ACCOUNTMANAGER_USERS grants access to the "Users" screen
  • ACCOUNTMANAGER_CONFIG grants access to the "Configuration" screen

Attachments (1)

trac-accountmanager-1902-granularperms.patch (1.5 KB) - added by Tristan Rivoallan 10 years ago.

Download all attachments as: .zip

Change History (6)

Changed 10 years ago by Tristan Rivoallan

comment:1 Changed 10 years ago by Tristan Rivoallan

Summary: More granular permissions[PATCH] More granular permissions

comment:2 Changed 10 years ago by Adhidarma Hadiwinoto

Cc: Adhidarma Hadiwinoto added; anonymous removed

It doesn't seem to work on my installation. My trac installation is using CentOS/RedHat 5 RPM trac-0.10.4-1.el5.noarch.rpm, and my TracAccountManager is TracAccountManager-0.1.3dev_r2548-py2.4.egg

The patch file is broken and I must patch the file manually. But when I'm going to grant permission to a user as ACCOUNTMANAGER_USER, it will result an error page:

Internal Error ACCOUNTMANAGER_USERS is not a valid action.

comment:3 Changed 7 years ago by Sergio Talens-Oliag

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

comment:4 in reply to:  3 Changed 7 years ago by Steffen Hoffmann

Keywords: permission separation admin web_ui added
Owner: changed from Matt Good to Steffen Hoffmann
Status: newassigned
Summary: [PATCH] More granular permissions[patch] Allow more granular permissions

Replying to sto:

I've written a similar patch for Trac 0.12, the new patch is on ticket #7700.

Great. I've already had look at this, and it seems o.

comment:5 Changed 7 years ago by Steffen Hoffmann

Resolution: fixed
Status: assignedclosed

(In [9280]) AccountManagerPlugin: Allow acctmgr administration for non-TRAC_ADMINs, closes #3726 and #7700.

With dedicated AccountManagerPlugin permissions now you could not only delegate AccountManager administration to users without granting them TRAC_ADMIN, but even differentiate access policy within these settings (closes #1902 as well):

  • ACCTMGR_CONFIG_ADMIN - for /config and /notification
  • ACCTMGR_USER_ADMIN - for /users
  • ACCTMGR_ADMIN - inheriting all without requiring TRAC_ADMIN

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.