Opened 17 years ago
Closed 13 years ago
#2754 closed defect (invalid)
Tag Permission Checks Should Have Parent Resources
Reported by: | John Hampton | Owned by: | Alec Thomas |
---|---|---|---|
Priority: | normal | Component: | TagsPlugin |
Severity: | normal | Keywords: | resource parent permission |
Cc: | John Hampton, Ryan J Ollos, Michael Renzmann, Jun Omae, osimons, Mitar | Trac Release: | 0.11 |
Description
Currently, the tag resources passed to the IPermissionPolicy interfaces have no parent resources. They should have parent resource to indicate where the tags exist
Attachments (0)
Change History (3)
comment:1 Changed 17 years ago by
comment:2 Changed 15 years ago by
Cc: | Ryan J Ollos added |
---|
comment:3 Changed 13 years ago by
Cc: | Michael Renzmann Jun Omae osimons Mitar added |
---|---|
Keywords: | resource parent permission added |
Resolution: | → invalid |
Status: | new → closed |
Your complaint is rather artificial.
The only place where we currently use tag resources is in wiki.py
, and there both times it is to instantiate a resource object for render_resource_link()
that doesn't utilize permission checks AFAIK.
No question, we don't have a way to auto-retrieve the corresponding parent (resource) when instantiating a tag resource. But we don't discuss something similar to attachments here. I consider this a next-to-nonsense task in a common TracTags application, where you normally find more than one resource tagged with a given tag, so there's no distinct parent to refer to. On top of this I guess, it would be just another performance hit (#4503). And what would the full list of tagged resources be good for inside every tag resource object?
Plus: In general permission checks in this plugin are done straight on the parent resource as required, as far as I can see. I.e. have a look at [10789] for hints where these places are.
Frankly I can't see a place where we would miss and need the tag resource parent. And in the absence of a reasonable use case this is a none-issue, right? Feel free to reopen, if you can provide details, that might let this defect report look more valid. It would still become an enhancement request then, I guess...
Can you recall where this was the case?