Tag Permission Checks Should Have Parent Resources

[John Hampton]

Currently, the tag resources passed to the IPermissionPolicy interfaces have no parent resources. They should have parent resource to indicate where the tags exist

[Alec Thomas]

Can you recall where this was the case?

[Steffen Hoffmann]

Your complaint is rather artificial.

The only place where we currently use tag resources is in wiki.py, and there both times it is to instantiate a resource object for render_resource_link() that doesn't utilize permission checks AFAIK.

No question, we don't have a way to auto-retrieve the corresponding parent (resource) when instantiating a tag resource. But we don't discuss something similar to attachments here. I consider this a next-to-nonsense task in a common TracTags application, where you normally find more than one resource tagged with a given tag, so there's no distinct parent to refer to. On top of this I guess, it would be just another performance hit (#4503). And what would the full list of tagged resources be good for inside every tag resource object?

Plus: In general permission checks in this plugin are done straight on the parent resource as required, as far as I can see. I.e. have a look at [10789] for hints where these places are.

Frankly I can't see a place where we would miss and need the tag resource parent. And in the absence of a reasonable use case this is a none-issue, right? Feel free to reopen, if you can provide details, that might let this defect report look more valid. It would still become an enhancement request then, I guess...