Opened 17 years ago
Closed 17 years ago
#2088 closed defect (wontfix)
TAGS_MODIFY does not prevent modification of ticket keywords
| Reported by: | Daniel Kahn Gillmor | Owned by: | Alec Thomas |
|---|---|---|---|
| Priority: | normal | Component: | TagsPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.11 |
Description
if TAGS_MODIFY is to be an effective permission, it should not only limit the ability to set tags on wiki pages. It should also limit the ability to set whichever of the ticket fields are parsed for the tags.
This probably means that TagsPlugin should implement an ITicketManipulator interface and filter out any attempts to modify either keywords or the items specified in the fields setting under [tags.ticket] in trac.ini if the user does not have the TAGS_MODIFY permission in the relevant context.
Future ITaggingSystemProvider authors should include similar precautions for their implementations.
Thanks for this great plugin! It's very useful. Sorry that i don't have a patch for you at the moment.
I disagree that Tags should restrict permissions for resources being tagged. It's up to the underlying resource handler to do that.
That being said, the flexible permission system in Trac 0.11 is supported by Tags 0.6 and may provide what you want.