wiki:ComponentPermissionsPlugin

Create permissions per ticket component

Description

This plugin provides permissions based on ticket components. For example, for a component foobar this plugin will provide permission COMPONENT_FOOBAR_VIEW, which is then required to access the ticket with this component.

Bugs/Feature Requests

Please use GitHub for any issues you have with ComponentPermissionsPlugin.

Download

Download the zipped source from here.

Source

You can clone ComponentPermissionsPlugin from here using git, or browse the source on GitHub.

Installation

Run the following to install this plugin:

$ pip install ComponentPermissionsPlugin

For more information, please follow documentation on how to install Trac plugins.

Configuration

After installation you first have to enable the plugin:

[components]
componentpermissions.* = enabled

Then you have to configure which field it checks to enable component permission checking:

[component-permissions]
allow_reporter = false
allow_owner = false
allow_cc = false
allow_cc_email = false
hide_components = false

You should also add the component near the beginning of the permission_policies list:

permission_policies = ComponentPermissionsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy

Additionally, you can require component permission only when a configured ticket field is checked. For example, this can be such custom ticket field:

[ticket-custom]
privacy = checkbox
privacy.label = Privacy sensitive
privacy.value = 0

And you configure this plugin to use it:

[component-permissions]
ticket_field_name = privacy

This will require component permission only when the ticket is marked as privacy sensitive.

If you want only some components to have limited access, simply assign other components' permissions to the anonymous user.

There is also a special permission COMPONENT_VIEW which gives the user (or group) permission to see any ticket otherwise limited by component permissions.

If you want to allow ticket reporter, owner or users in CC list to have access to the ticket regardless of component permissions, you can set allow_reporter, allow_owner, and allow_cc to true, respectively. You can also use allow_cc_email to specify user's by their e-mail address (even if such user does not yet exist). However be careful: make sure users' email addresses are verified and that they cannot be freely changed to arbitrary values.

Setting hide_components to true will hide components from ticket and other forms if user does not have permission for them. Works if not using a custom field.

Author/Contributors

Author: mitar
Maintainer: mitar
Contributors:

Last modified 14 months ago Last modified on Jan 30, 2023, 9:03:56 PM