Modify

Opened 14 years ago

Closed 4 years ago

#4632 closed enhancement (fixed)

Hours permissions

Reported by: interstellar Owned by:
Priority: normal Component: TracHoursPlugin
Severity: normal Keywords:
Cc: interstellar, christer@… Trac Release: 0.11

Description

Implement permissions for TracHoursPlugin.

Permissions like HOURS_VIEW, HOURS_MANAGE, HOURS_ADMIN would be nice. And if a user has specific permissions, the hours navigation button would be visible or not.

Right now, if one (even anonymous) has a TICKET_VIEW permission, he can see all hours.

Attachments (2)

workaround.patch (495 bytes) - added by anonymous 14 years ago.
workaround - checks if user has TICKET_VIEW, else shows /hours - this checks for permissions
implement_HOURS_VIEW.diff (1.3 KB) - added by Carlos Jenkins Pérez 12 years ago.
Implementation of HOURS_VIEW feature.

Download all attachments as: .zip

Change History (13)

comment:1 Changed 14 years ago by bolsog@…

even more problematic:
anonymous can view /hours/<ticket-num>
even if anonymous has NO rights at all.

Changed 14 years ago by anonymous

Attachment: workaround.patch added

workaround - checks if user has TICKET_VIEW, else shows /hours - this checks for permissions

comment:2 Changed 12 years ago by anonymous

please fix somehow.

Changed 12 years ago by Carlos Jenkins Pérez

Attachment: implement_HOURS_VIEW.diff added

Implementation of HOURS_VIEW feature.

comment:3 Changed 12 years ago by Carlos Jenkins Pérez

I've implemented the feature HOURS_VIEW. I've appended the patch (revision 8601, 0.11 branch).

Now user must have HOURS_VIEW to view /hours paths. Also, the mainnav tab doesn't show if user doesn't have HOURS_VIEW too.

Cheers

comment:4 in reply to:  3 ; Changed 12 years ago by interstellar

I've applied the patch, but now the Cross-project hours feature doesn't show any hours.

Did anybody experience the same thing?

Replying to Havok:

I've implemented the feature HOURS_VIEW. I've appended the patch (revision 8601, 0.11 branch).

Now user must have HOURS_VIEW to view /hours paths. Also, the mainnav tab doesn't show if user doesn't have HOURS_VIEW too.

Cheers

comment:5 in reply to:  4 ; Changed 12 years ago by Carlos Jenkins Pérez

I'm not using the Multiproject feature, but the patch should not be a problem, since it only provide an extra permission layer that the user need to pass in order to access the Hours views. Sure you granted the HOURS_VIEW permission to users?

Cheers

Replying to interstellar:

I've applied the patch, but now the Cross-project hours feature doesn't show any hours.

Did anybody experience the same thing?

comment:6 in reply to:  5 Changed 12 years ago by interstellar

Sure, I added HOURS_VIEW permission to authenticated group.

When I reverted hours.py to a version before your patch - cross-project hours started working again.

Replying to Havok:

I'm not using the Multiproject feature, but the patch should not be a problem, since it only provide an extra permission layer that the user need to pass in order to access the Hours views. Sure you granted the HOURS_VIEW permission to users?

Cheers

Replying to interstellar:

I've applied the patch, but now the Cross-project hours feature doesn't show any hours.

Did anybody experience the same thing?

comment:7 Changed 12 years ago by Ryan J Ollos

#8122 closed as a duplicate.

comment:8 Changed 12 years ago by Ryan J Ollos

Owner: changed from Jeff Hammel to Ryan J Ollos

Reassigning ticket to new maintainer.

comment:9 Changed 12 years ago by Ryan J Ollos

Cc: christer@… added

#8347 requests that anonymous users not be allowed to access the Hours page.

comment:10 Changed 6 years ago by Ryan J Ollos

Owner: Ryan J Ollos deleted

comment:11 Changed 4 years ago by EmeCas

Resolution: fixed
Status: newclosed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.