Ticket #1396: TicketClosePermissions-r1496.diff

trac/perm.py

@@ -24 +24 @@
     'TIMELINE_VIEW', 'SEARCH_VIEW', 'CONFIG_VIEW', 'LOG_VIEW', 'FILE_VIEW',
     'CHANGESET_VIEW', 'BROWSER_VIEW', 'ROADMAP_VIEW',
     
-    'TICKET_VIEW', 'TICKET_CREATE', 'TICKET_MODIFY',
+    'TICKET_VIEW', 'TICKET_CREATE', 'TICKET_CHGPROP', 'TICKET_RESOLVE', 
+    'TICKET_APPEND','TICKET_ATTACH',
     
     'REPORT_VIEW', 'REPORT_SQL_VIEW', 'REPORT_CREATE', 'REPORT_MODIFY',
     'REPORT_DELETE',
@@ -40 +41 @@
                    'TIMELINE_VIEW', 'SEARCH_VIEW', 'CONFIG_VIEW', 'LOG_VIEW',
                    'FILE_VIEW', 'CHANGESET_VIEW', 'BROWSER_VIEW'],
     'TICKET_ADMIN': ['TICKET_VIEW', 'TICKET_CREATE', 'TICKET_MODIFY'],
+    'TICKET_MODIFY': ['TICKET_CHGPROP', 'TICKET_RESOLVE', 'TICKET_ATTACH'],
     'REPORT_ADMIN': ['REPORT_VIEW', 'REPORT_SQL_VIEW', 'REPORT_CREATE',
                      'REPORT_MODIFY', 'REPORT_DELETE'],
     'WIKI_ADMIN': ['WIKI_VIEW', 'WIKI_CREATE', 'WIKI_MODIFY', 'WIKI_DELETE'],

trac/Ticket.py

@@ -366 +366 @@
 
         req.display('newticket.cs')
 
+def get_ticket_actions(ticket, prm):
+    """ Returns the actions that can be performed on the ticket"""
+    actions = {
+        'new':      ['leave', 'resolve', 'reassign', 'accept'],
+        'assigned': ['leave', 'resolve', 'reassign'          ],
+        'reopened': ['leave', 'resolve', 'reassign'          ],
+        'closed':   ['leave',                        'reopen']
+    }
+    permissions = {
+        'resolve': perm.TICKET_RESOLVE,
+        'reassign': perm.TICKET_CHGPROP,
+        'accept': perm.TICKET_CHGPROP,
+        'reopen': perm.TICKET_CREATE
+    }
+    def has_perm(p):
+        n = permissions.get(p, None)
+        return not n or prm.has_permission(n)
+    return filter(has_perm, actions.get(ticket['status'], ['leave']))
 
 class TicketModule (Module):
 
     def save_changes(self, req, id):
-        self.perm.assert_permission (perm.TICKET_MODIFY)
-        ticket = Ticket(self.db, id)
+        if self.perm.has_permission(perm.TICKET_CHGPROP):
+            # TICKET_CHGPROP gives permission to edit the ticket
+            if not req.args.get('summary'):
+                raise util.TracError('Tickets must contain Summary.')
 
-        if not req.args.get('summary'):
-            raise util.TracError('Tickets must contain Summary.')
+            ticket = Ticket(self.db, id)
+            if req.args.has_key('description'):
+                self.perm.assert_permission (perm.TICKET_ADMIN)
 
-        if req.args.has_key('description'):
-            self.perm.assert_permission (perm.TICKET_ADMIN)
+            if req.args.has_key('reporter'):
+                self.perm.assert_permission (perm.TICKET_ADMIN)
 
-        if req.args.has_key('reporter'):
-            self.perm.assert_permission (perm.TICKET_ADMIN)
+            ticket.populate(req.args)
 
+        elif self.perm.has_permission(perm.TICKET_APPEND):
+            # Allow appending a comment to the ticket only
+            ticket = Ticket(self.db, id)
+        else:
+            raise perm.PermissionError(perm.TICKET_CHGPROP)
+
+        # Do any action on the ticket?
+        action = req.args.get('action', None)
+
+        # Make sure the action is valid
+        if action not in get_ticket_actions(ticket, self.perm):
+            raise util.TracError('Invalid action')
+
         # TODO: this should not be hard-coded like this
-        action = req.args.get('action', None)
         if action == 'accept':
             ticket['status'] =  'assigned'
             ticket['owner'] = req.authname
@@ -397 +429 @@
             ticket['status'] = 'reopened'
             ticket['resolution'] = ''
 
-        ticket.populate(req.args)
-
         now = int(time.time())
         ticket.save_changes(self.db, req.args.get('author', req.authname),
                             req.args.get('comment'), when=now)
@@ -491 +521 @@
         # List attached files
         self.env.get_attachments_hdf(self.db, 'ticket', str(id), req.hdf,
                                      'ticket.attachments')
-        req.hdf['ticket.attach_href'] = self.env.href.attachment('ticket', id)
+        if self.perm.has_permission(perm.TICKET_ATTACH):
+            req.hdf['ticket.attach_href'] = self.env.href.attachment('ticket', id)
 
+        # Add the possible workflow paths to hdf
+        for action in get_ticket_actions(ticket,self.perm):
+            req.hdf['ticket.workflow.' + action] = '1'
+
     def render(self, req):
         self.perm.assert_permission (perm.TICKET_VIEW)
 

templates/ticket.cs

@@ -128 +128 @@
  /each ?></div><?cs
 /if ?>
 
-<?cs if $trac.acl.TICKET_MODIFY ?>
+<?cs if $trac.acl.TICKET_CHGPROP || $trac.acl.TICKET_APPEND ?>
 <form action="<?cs var:cgi_location ?>#preview" method="post">
  <hr />
  <h3><a name="edit" onfocus="document.getElementById('comment').focus()">Add/Change #<?cs
@@ -155 +155 @@
   /if ?>
  </div>
 
+ <?cs if $trac.acl.TICKET_CHGPROP ?>
  <fieldset id="properties">
   <legend>Change Properties</legend>
   <div class="main">
@@ -203 +204 @@
    <?cs call:ticket_custom_props(ticket) ?>
   </div><?cs /if ?>
  </fieldset>
+ <?cs /if ?>
 
+ <?cs if ticket.workflow.accept || ticket.workflow.reopen || ticket.workflow.resolve || ticket.workflow.reassign ?>
  <fieldset id="action">
   <legend>Action</legend><?cs
   if:!ticket.action ?><?cs set:ticket.action = 'leave' ?><?cs
@@ -214 +217 @@
      /if ?> /><?cs
   /def ?>
   <?cs call:action_radio('leave') ?>
-  <label for="leave">leave as <?cs var:ticket.status ?></label><br /><?cs
-  if $ticket.status == "new" ?>
-   <?cs call:action_radio('accept') ?>
-   <label for="accept">accept ticket</label><br /><?cs
+    <label for="leave">leave as <?cs var:ticket.status ?></label><br /><?cs
+  if ticket.workflow.accept ?><?cs
+    call:action_radio('accept') ?>
+    <label for="accept">accept ticket</label><br /><?cs
   /if ?><?cs
-  if $ticket.status == "closed" ?>
-   <?cs call:action_radio('reopen') ?>
-   <label for="reopen">reopen ticket</label><br /><?cs
+  if ticket.workflow.reopen ?><?cs
+    call:action_radio('reopen') ?>
+    <label for="reopen">reopen ticket</label><br /><?cs
   /if ?><?cs
-  if $ticket.status == "new" || $ticket.status == "assigned" || $ticket.status == "reopened" ?>
-   <?cs call:action_radio('resolve') ?>
-   <label for="resolve">resolve</label>
-   <label for="resolve_resolution">as:</label>
-   <?cs call:hdf_select(enums.resolution, "resolve_resolution", args.resolve_resolution, 0) ?><br />
-   <?cs call:action_radio('reassign') ?>
-   <label for="reassign">reassign</label>
-   <label>to:<?cs
-   if:len(ticket.users) ?><?cs
-    call:hdf_select(ticket.users, "reassign_owner", ticket.reassign_owner, 0) ?><?cs
-   else ?>
-    <input type="text" id="reassign_owner" name="reassign_owner" size="40" value="<?cs
-      var:ticket.reassign_owner ?>" /><?cs
-   /if ?></label><?cs
+  if ticket.workflow.resolve ?><?cs
+    call:action_radio('resolve') ?>
+    <label for="resolve">resolve</label>
+    <label for="resolve_resolution">as:</label>
+    <?cs call:hdf_select(enums.resolution, "resolve_resolution", args.resolve_resolution, 0) ?><br /><?cs
   /if ?><?cs
-  if $ticket.status == "new" || $ticket.status == "assigned" || $ticket.status == "reopened" ?>
-   <script type="text/javascript">
-     var resolve = document.getElementById("resolve");
-     var reassign = document.getElementById("reassign");
-     var updateActionFields = function() {
-       enableControl('resolve_resolution', resolve.checked);
-       enableControl('reassign_owner', reassign.checked);
+  if ticket.workflow.reassign ?><?cs
+    call:action_radio('reassign') ?>
+    <label for="reassign">reassign</label>
+    <label>to:<?cs
+    if:len(ticket.users) ?><?cs
+     call:hdf_select(ticket.users, "reassign_owner", ticket.reassign_owner, 0) ?><?cs
+    else ?>
+     <input type="text" id="reassign_owner" name="reassign_owner" size="40" value="<?cs
+       var:ticket.reassign_owner ?>" /><?cs
+    /if ?></label><?cs
+  /if ?><?cs
+  if ticket.workflow.resolve || ticket.workflow.reassign ?>
+   <script type="text/javascript"><?cs
+   if ticket.workflow.resolve ?>
+     var resolve = document.getElementById("resolve");<?cs
+   /if ?><?cs
+   if ticket.workflow.reassign ?>
+     var reassign = document.getElementById("reassign");<?cs
+   /if ?>
+     var updateActionFields = function() {<?cs
+   if ticket.workflow.resolve ?>
+       enableControl('resolve_resolution', resolve.checked);<?cs
+   /if ?><?cs
+   if ticket.workflow.reassign ?>
+       enableControl('reassign_owner', reassign.checked);<?cs
+   /if ?>
      };
      addEvent(window, 'load', updateActionFields);
      addEvent(document.getElementById("leave"), 'click', updateActionFields);<?cs
-    if $ticket.status == "new" ?>
+   if ticket.workflow.accept ?>
      addEvent(document.getElementById("accept"), 'click', updateActionFields);<?cs
-    /if ?>
-    addEvent(resolve, 'click', updateActionFields);
-    addEvent(reassign, 'click', updateActionFields);
+   /if ?><?cs
+   if ticket.workflow.resolve ?>
+     addEvent(resolve, 'click', updateActionFields);<?cs
+   /if ?><?cs
+   if ticket.workflow.reopen ?>
+     addEvent(document.getElementById("reopen"), 'click', updateActionFields);<?cs
+   /if ?><?cs
+   if ticket.workflow.reassign ?>
+     addEvent(reassign, 'click', updateActionFields);<?cs
+   /if ?>
    </script><?cs
   /if ?>
  </fieldset>
+ <?cs else ?>
+ <input type="hidden" name="action" value="leave" />
+ <?cs /if ?>
 
  <script type="text/javascript" src="<?cs
    var:htdocs_location ?>js/wikitoolbar.js"></script>
@@ -263 +286 @@
  <div class="buttons">
   <input type="reset" value="Reset" />&nbsp;
   <input type="submit" name="preview" value="Preview" />&nbsp;
-  <input type="submit" value="Submit changes" /> 
+  <input type="submit" value="Submit changes" />
  </div>
 </form>
 <?cs /if ?>