I did some work on the VirtualTicketPermissionsPlugin.
See ticket #8926 for patch and progress.
Overview of the new features
- in addition to the group_blacklist, in section
[virtualticketpermissions], you can also write a group_whitelist setting.
- only groups on the whitelist will be considered for the TICKET_IS_..._GROUP permissions
- the blacklist, if also configured, still works
- both whitelist and blacklist entries can be regular expressions (each list will be regex-compiled once on component init for performance)
- group names can be mixed-case in addition to the already supported all-lower-case; only complete-upper-case stuff, i.e. PERMISSIONS_PROPER, are excluded
- for all of the TICKET_IS_XXX permissions provided by the module,
there is now a corresponding TICKET_IS_NOT_XXX negating the test.
This permits writing mutually exclusive workflow steps, like this:
reassign = assigned,accepted,started -> assigned reassign.operations = set_owner reassign.permissions = TICKET_IS_OWNER_GROUP takeover = assigned,accepted,started -> assigned takeover.operations = set_owner_to_self takeover.permissions = TICKET_IS_NOT_OWNER_GROUP OUPA single user will either see reassign (when they share a group with the current owner), or takeover, but never both (unless they are TRAC_ADMIN, which seems to not call down to the plugin at all, unfortunately)