[[PageOutline(2-5,Contents,pullout)]] = Hide sensitive tickets with a checkbox == Description This is a plugin that lets users mark tickets as "sensitive" with a checkbox on the ticket form. Sensitive tickets are viewable only to those with the `SENSITIVE_VIEW` permission. There are the following use cases for this: '''Scenario 1''' A user submits a security related ticket to a project's Trac, which is generally open to the public. They mark it as "Sensitive" so that only people in the internal team that deal with security issues can see the ticket. '''Scenario 2''' A team uses Trac to handle its business development tasks, but wants to leave the record open for all. Some tasks, however, say, dealing with difficult clients, are sensitive. Those tickets are marked as sensitive and hidden to others, but viewable by the business development team. '''Beware''': * Hooks that send mail on ticket changes will still send mail for sensitive tickets; this may not be what you want. * In versions of Trac prior to 1.0.2, if the plugin is removed, disabled, or fails to load, Trac will display sensitive tickets ([ticket:5784 ""failing open" instead of "failing closed""]). This plugin is supported on Trac 0.11.6 or higher. The plugin is based on the example [http://svn.edgewall.com/repos/trac/trunk/sample-plugins/permissions/vulnerability_tickets.py vulnerability_tickets.py], but uses a checkbox instead of text in the summary or keywords to mark a ticket as sensitive. See also: PrivateTicketsPlugin. == Bugs/Feature Requests Existing bugs and feature requests for SensitiveTicketsPlugin are [report:9?COMPONENT=SensitiveTicketsPlugin here]. If you have any issues, create a [/newticket?component=SensitiveTicketsPlugin new ticket]. [[TicketQuery(component=SensitiveTicketsPlugin&group=type,format=progress)]] == Download Download the zipped source from [export:sensitiveticketsplugin here]. The plugin is also available on [pypi:TracSensitiveTickets PyPI]. == Source You can check out SensitiveTicketsPlugin from [/svn/sensitiveticketsplugin here] using Subversion, or [source:sensitiveticketsplugin browse the source] with Trac. == Installation General instructions on installing Trac plugins can be found on the [TracPlugins#InstallingaTracplugin TracPlugins] page. == Configuration Once this plugin is enabled, you have to insert it at the appropriate place in your list of permission policies in your `trac.ini` file: {{{#!ini [trac] permission_policies = SensitiveTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy }}} Users with `SENSITIVE_VIEW` privileges will be able to see and act on tickets marked sensitive, as will any user configured to be able to bypass the sensitive marker. For example, his happens in the case the user is the ticket owner or reporter or is in the CC field, and the associated flags are set in `[sensitivetickets]` section of `trac.ini`. This plugin also adds the `SENSITIVE_ACTIVITY_VIEW` permission, which is narrower in scope than `SENSITIVE_VIEW`. Accounts with `SENSITIVE_ACTIVITY_VIEW` will be able to see activity on sensitive material in the timeline, but will only be able to identify it by ticket number, comment number and timestamp. All other content will be redacted. `SENSITIVE_ACTIVITY_VIEW` can be useful (for example) for providing a notification daemon the ability to tell that some activity happened without leaking the content of that activity. Needs an environment upgrade or just adding the appropriate stanza to `[ticket-custom]` in `trac.ini` after enabling. == Recent Changes [[ChangeLog(sensitiveticketsplugin, 3)]] == Author/Contributors '''Authors:''' [wiki:sbenthall], [wiki:dkgdkg] [[BR]] '''Maintainer:''' [[Maintainer]] [[BR]] '''Contributors:''' [wiki:k0s], [wiki:obs] [[BR]]