Changes between Version 77 and Version 78 of SimpleMultiProjectPlugin


Ignore:
Timestamp:
Aug 4, 2020, 7:42:24 PM (4 years ago)
Author:
Cinc-th
Comment:

Described the new permission handling.

Legend:

Unmodified
Added
Removed
Modified

  • SimpleMultiProjectPlugin

    v77 v78  
    161161== Project restrictions
    162162=== Current trunk and releases 0.7.2+
    163 A new permission system is currently developed and the first implementation landed with [17810]. See ticket #13850 used for tracking the effort.
    164 
    165 To activate project restrictions add the following permission policy:
     163A new permission system is implemented by a new permission policy ''SmpPermissionPolicy'' and additional request filtering. The latter is necessary because TracFineGrainedPermissions are limited to some resources, notably excluding versions and components.
     164
     165For permission checking and proper filtering the permission policy plugin must be activated and configured in trac.ini:
    166166{{{#!ini
    167167[trac]
     
    170170Make sure the new policy is the first in the list of available policies.
    171171
     172You may mark a project as restricted on the project admin page which has the following effects.
     173
     174 * Tickets linked with a restricted project can't be accessed by users without permissions.
     175 
     176 This works for individual ticket pages, ticket queries, the timeline page and everywhere else a ticket is shown.
     177 * Milestones belonging to restricted projects can't be accessed without permissions.
     178
     179 This affects ticket queries, the roadmap and timeline pages and individual ticket pages.
     180 * Components and versions of restricted projects are not available for queries or when creating/modifying ticket pages.
     181
     182Projects without restrictions and their linked resources can be accessed by any user. Normal Trac permission settings apply.
     183
    172184Project permissions are assigned using the Trac permission admin panel. Each project has a unique ID which is not changing over the lifetime of  a project, even if you change the project name.[[BR]]
    173 To give a user access to a project you have to give the permission '''PROJECT_<id>_MEMBER''' where ''<id>'' is the unique project id.
    174 
    175 The following restrictions are currently in place:
    176  * Ticket filtering. Users only see tickets belonging to projects they're a member of. Tickets of projects without restrictions are always shown.
    177  
    178  This works for ticket pages and when doing custom queriers.
    179  * Component, version and milestone filtering on ticket pages.
    180  * Milestone filtering on roadmap and timeline pages.
     185To give a user access to a project you have to give the permission '''PROJECT_<id>_MEMBER''' where ''<id>'' is the unique project id. For finer control over individual resources the normal Trac permissions are available.
     186
     187This means the project permission is a coarse filter to only prevent global project resources access. You can't have individual fine grained resource access for different projects because normal Trac permissions are defined for all projects. Use TracFineGrainedPermissions if you need such control.
    181188
    182189Note that filtering by project is always done.