Opened 10 years ago

Closed 6 years ago

TICKET_VIEW_SELF does not work with 0.11

Reported by: Owned by: anonymous Ryan J Ollos high PrivateTicketsPlugin blocker 0.12

Description

for any tickets: TICKET_VIEW privileges are required to perform this operation

but if it is granted then the user can see all of them

(using default config after install and only this component)

comment:1 Changed 10 years ago by anonymous

Priority: normal → high normal → blocker

comment:2 Changed 10 years ago by benbruscella

Confirmed using:

• Trac 0.11dev-r6814
• TracAccountManager 0.2dev-r3111
• TracPrivateTickets 2.0 with #2876 applied

comment:3 Changed 10 years ago by evian

confirmed here also, when can we expect a patch?

comment:4 Changed 10 years ago by Noah Kantrowitz

Resolution: → worksforme new → closed

Chances are you haven't activated the policy, please find me on IRC if you wish to use this on 0.11 as it has not been formally released (hence the tag still being 0.10 and the docs not being updated to reflect 0.11).

comment:5 follow-up:  6 Changed 7 years ago by russell@…

Resolution: worksforme closed → reopened 0.11 → 0.12

I am having the same issue on 0.12, using version 2.0.2. I have the following in trac.ini:

permission_policies = PrivateTicketsPolicy, InternalTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy


In addition to PrivateTickets, I have timingandestimationplugin 1.0.8b installed.

comment:6 in reply to:  5 ; follow-up:  7 Changed 7 years ago by Ryan J Ollos

In addition to PrivateTickets, I have timingandestimationplugin 1.0.8b installed.

We'll need more information to pursue this issue further. Please test with TimingAndEstimationPlugin disabled, and InternalTicketsPolicy removed from permission_policies.

comment:7 in reply to:  6 ; follow-up:  8 Changed 7 years ago by anonymous

We'll need more information to pursue this issue further. Please test with TimingAndEstimationPlugin disabled, and InternalTicketsPolicy removed from permission_policies.

I have disabled the plugin, and removed InternalTicketsPolicy, and it still doesn't work.

I also have three other plugins installed (which I disabled when testing): TracAccountManager, TracXMLRPC, and TracHTTPAuth, but even with th

comment:8 in reply to:  7 ; follow-up:  9 Changed 7 years ago by Ryan J Ollos

I also have three other plugins installed (which I disabled when testing): TracAccountManager, TracXMLRPC, and TracHTTPAuth, but even with th

Could you please list all the permissions of the user that you are trying to restrict ticket access for?

comment:9 in reply to:  8 ; follow-ups:  10  11 Changed 7 years ago by anonymous

Could you please list all the permissions of the user that you are trying to restrict ticket access for?

I have put the following privileges into the authenticated group:

TICKET_CREATE, TICKET_APPEND, REPORT_VIEW, TICKET_VIEW_SELF, TICKET_VIEW_REPORTER

I am pretty sure I don't need TICKET_VIEW_REPORTER, but I had it there for testing.

comment:10 in reply to:  9 Changed 7 years ago by Ryan J Ollos

Owner: changed from Noah Kantrowitz to Ryan J Ollos reopened → new

I have put the following privileges into the authenticated group:

Thanks, I will investigate and get back to you soon.

comment:11 in reply to:  9 Changed 6 years ago by Ryan J Ollos

Resolution: → fixed new → closed

TICKET_CREATE, TICKET_APPEND, REPORT_VIEW, TICKET_VIEW_SELF, TICKET_VIEW_REPORTER

I am pretty sure I don't need TICKET_VIEW_REPORTER, but I had it there for testing.

I'm getting back to you pretty late on this and doubt I'll get a follow-up, so I'll just close it. Please reopen if you wish to continue debugging. The next step would be to investigate the log files, see t:TracLogging for more details.

Modify Ticket

Change Properties