wiki:VirtualTicketPermissionsPlugin

Virtual ticket permissions

Description

Warning: If the plugin is removed, disabled, or fails to load in Trac < 1.0.2, Trac will display private tickets to anyone with TICKET_VIEW permission and the TICKET_VIEW* permission restrictions will not have any effect. See #5784 and t:#10285 for more information.

Notes

Creates a set of virtual permissions for tickets that the user is associated with.

There are three main permissions for this plugin: TICKET_IS_REPORTER, TICKET_IS_CC, and TICKET_IS_OWNER. TICKET_IS_SELF is an alias for all three of these.

With each permission, users will be granted the permissions where they are the person mentioned in the permission. So if a user has TICKET_IS_REPORTER, they can only get the permisson for ticket they reported. For TICKET_IS_CC, they just have to be included in the CC list.

There are also group-based permissions: TICKET_IS_REPORTER_GROUP, TICKET_IS_CC_GROUP, and TICKET_IS_OWNER_GROUP. These work in a similar way to their non-group counterparts, except that you are granted the permission if you share a group with the target user. For example, if ticket 1 was reported by Allan, and Allan and Bob are both in the group company_foo, and Bob has TICKET_IS_REPORTER_GROUP, then Bob will get the permission for ticket 1 since he shares a group with the reporter. Each group-based permission is also an alias for the normal one, so you do not have to grant both. TICKET_IS_GROUP is an alias for all the group-based permissions (and therefore all the normal ones as well).

Finally, users with TRAC_ADMIN will automatically get all these permissions. The meta-user "anonymous" also cannot be restricted by this plugin, as their identity isn't known to be checked.

Configuration

All configuration options go in the [virtualticketpermissions] section.

group_blacklist

Groups to ignore for the purposes of the *_GROUP permissions.

Defaults to "anonymous, authenticated"

You must also add VirtualTicketPermissionsPolicy to your permission_policies setting in trac.ini. See below for an example if you don't have any other policies.

Example

An example configuration:

[virtualticketpermissions]
group_blacklist = anonymous, authenticated, labusers

[components]
virtualticketpermissions.* = enabled

[trac]
permission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy, VirtualTicketPermissionsPolicy

[ticket-workflow]
accept = new,accepted -> accepted
accept.permissions = TICKET_IS_OWNER

See also PrivateTicketsPlugin, SensitiveTicketsPlugin, /bof/enhanceVirtualTicketPermissionsPlugin

Bugs/Feature Requests

Existing bugs and feature requests for VirtualTicketPermissionsPlugin are here.

If you have any issues, create a new ticket.

defect

3 / 3

enhancement

2 / 3

task

1 / 2

Download

Download the zipped source from here.

Source

Check out VirtualTicketPermissionsPlugin from here using Subversion, or browse the source with Trac.

Installation

General instructions on installing Trac plugins can be found on the TracPlugins page.

Recent Changes

11511 by rjollos on 2012-04-22 11:00:42

Fixes #9979: Clarified that license is BSD 3-Clause.

  • Added license info to source, and switched to UTF-8 encoding of the source.
  • Committing the deletion part of the move operation in [11510].
11510 by rjollos on 2012-04-22 10:54:25
Refs #9979: Renamed 0.11 directory to trunk.
4153 by normanr on 2008-08-19 12:47:20
Adding mime-type for README
(more)

Author/Contributors

Author: normanr
Maintainer: none (needsadoption) (adoption request open in #9966)
Contributors: jlove, bof

Last modified 2 months ago Last modified on Dec 14, 2016, 10:14:58 PM