Ticket #1396: TicketClosePermissions.diff

trac/attachment.py

@@ -63 +63 @@
                 self.render_view(req, parent_type, parent_id, filename)
 
     def render_form(self, req, parent_type, parent_id):
-        perm_map = {'ticket': perm.TICKET_MODIFY, 'wiki': perm.WIKI_MODIFY}
+        perm_map = {'ticket': perm.TICKET_ATTACH, 'wiki': perm.WIKI_MODIFY}
         self.perm.assert_permission(perm_map[parent_type])
 
         text, link = self.get_parent_link(parent_type, parent_id)
@@ -79 +79 @@
         req.display('attachment.cs')
 
     def save_attachment(self, req, parent_type, parent_id):
-        perm_map = {'ticket': perm.TICKET_MODIFY, 'wiki': perm.WIKI_MODIFY}
+        perm_map = {'ticket': perm.TICKET_ATTACH, 'wiki': perm.WIKI_MODIFY}
         self.perm.assert_permission(perm_map[parent_type])
 
         if req.args.has_key('cancel'):

trac/perm.py

@@ -24 +24 @@
     'TIMELINE_VIEW', 'SEARCH_VIEW', 'CONFIG_VIEW', 'LOG_VIEW', 'FILE_VIEW',
     'CHANGESET_VIEW', 'BROWSER_VIEW', 'ROADMAP_VIEW',
     
-    'TICKET_VIEW', 'TICKET_CREATE', 'TICKET_MODIFY',
+    'TICKET_VIEW', 'TICKET_CREATE', 'TICKET_EDIT', 'TICKET_RESOLVE', 
+    'TICKET_APPEND','TICKET_ATTACH',
     
     'REPORT_VIEW', 'REPORT_SQL_VIEW', 'REPORT_CREATE', 'REPORT_MODIFY',
     'REPORT_DELETE',
@@ -39 +40 @@
     'TRAC_ADMIN': ['TICKET_ADMIN', 'REPORT_ADMIN', 'WIKI_ADMIN', 'ROADMAP_ADMIN',
                    'TIMELINE_VIEW', 'SEARCH_VIEW', 'CONFIG_VIEW', 'LOG_VIEW',
                    'FILE_VIEW', 'CHANGESET_VIEW', 'BROWSER_VIEW'],
-    'TICKET_ADMIN': ['TICKET_VIEW', 'TICKET_CREATE', 'TICKET_MODIFY'],
+    'TICKET_ADMIN': ['TICKET_VIEW', 'TICKET_CREATE', 'TICKET_EDIT', 
+                     'TICKET_RESOLVE', 'TICKET_ATTACH'],
+    'TICKET_MODIFY': ['TICKET_EDIT', 'TICKET_RESOLVE', 'TICKET_ATTACH'],
     'REPORT_ADMIN': ['REPORT_VIEW', 'REPORT_SQL_VIEW', 'REPORT_CREATE',
                      'REPORT_MODIFY', 'REPORT_DELETE'],
     'WIKI_ADMIN': ['WIKI_VIEW', 'WIKI_CREATE', 'WIKI_MODIFY', 'WIKI_DELETE'],

trac/Ticket.py

@@ -78 +78 @@
             for row in rows:
                 self['custom_' + row[0]] = row[1]
         self._forget_changes()
-
+
     def populate(self, dict):
         """Populate the ticket with 'suitable' values from a dictionary"""
         def is_field(name):
@@ -210 +210 @@
             log.append((int(row[0]), row[1], row[2], row[3] or '', row[4] or ''))
         return log
 
-
 def get_custom_fields(env):
     cfg = env.get_config_items('ticket-custom')
     if not cfg:
@@ -368 +367 @@
 
         req.display('newticket.cs')
 
+def get_ticket_actions(ticket, prm):
+    """ Returns the actions that can be performed on the ticket"""
+    actions = {
+        'new':      ['leave', 'resolve', 'reassign', 'accept'],
+        'assigned': ['leave', 'resolve', 'reassign'          ],
+        'reopened': ['leave', 'resolve', 'reassign'          ],
+        'closed':   ['leave',                        'reopen']
+    }
+    permissions = {
+        'resolve': perm.TICKET_RESOLVE,
+        'reassign': perm.TICKET_EDIT,
+        'accept': perm.TICKET_EDIT,
+        'reopen': perm.TICKET_CREATE
+    }
+    def has_perm(p):
+        n = permissions.get(p, None)
+        return not n or prm.has_permission(n)
+    return filter(has_perm, actions.get(ticket['status'], ['leave']))
 
-class TicketModule (Module):
-
+class TicketModule (Module):
+
     def save_changes(self, req, id):
-        self.perm.assert_permission (perm.TICKET_MODIFY)
-        ticket = Ticket(self.db, id)
-
-        if not req.args.get('summary'):
-            raise util.TracError('Tickets must contain Summary.')
-
-        if req.args.has_key('description'):
-            self.perm.assert_permission (perm.TICKET_ADMIN)
-
-        if req.args.has_key('reporter'):
-            self.perm.assert_permission (perm.TICKET_ADMIN)
-
-        # TODO: this should not be hard-coded like this
-        action = req.args.get('action', None)
-        if action == 'accept':
-            ticket['status'] =  'assigned'
-            ticket['owner'] = req.authname
-        if action == 'resolve':
-            ticket['status'] = 'closed'
-            ticket['resolution'] = req.args.get('resolve_resolution')
-        elif action == 'reassign':
-            ticket['owner'] = req.args.get('reassign_owner')
-            ticket['status'] = 'new'
-        elif action == 'reopen':
-            ticket['status'] = 'reopened'
-            ticket['resolution'] = ''
-
-        ticket.populate(req.args)
-
+        if self.perm.has_permission(perm.TICKET_EDIT):
+            # TICKET_EDIT gives permission to edit the ticket
+            if not req.args.get('summary'):
+                raise util.TracError('Tickets must contain Summary.')
+
+            ticket = Ticket(self.db, id)
+            if req.args.has_key('description'):
+                self.perm.assert_permission (perm.TICKET_ADMIN)
+
+            if req.args.has_key('reporter'):
+                self.perm.assert_permission (perm.TICKET_ADMIN)
+
+            ticket.populate(req.args)
+
+        elif self.perm.has_permission(perm.TICKET_APPEND):
+            # Allow appending a comment to the ticket only
+            ticket = Ticket(self.db, id)
+        else:
+            raise perm.PermissionError(perm.TICKET_EDIT)
+
+        # Do any action on the ticket?
+        action = req.args.get('action', None)
+
+        # Make sure the action is valid
+        if action not in get_ticket_actions(ticket, self.perm):
+            raise util.TracError('Invalid action')
+
+        # TODO: this should not be hard-coded like this
+        if action == 'accept':
+            ticket['status'] =  'assigned'
+            ticket['owner'] = req.authname
+        if action == 'resolve':
+            ticket['status'] = 'closed'
+            ticket['resolution'] = req.args.get('resolve_resolution')
+        elif action == 'reassign':
+            ticket['owner'] = req.args.get('reassign_owner')
+            ticket['status'] = 'new'
+        elif action == 'reopen':
+            ticket['status'] = 'reopened'
+            ticket['resolution'] = ''
+
         now = int(time.time())
         ticket.save_changes(self.db, req.args.get('author', req.authname),
                             req.args.get('comment'), when=now)
@@ -493 +522 @@
         # List attached files
         self.env.get_attachments_hdf(self.db, 'ticket', str(id), req.hdf,
                                      'ticket.attachments')
-        req.hdf['ticket.attach_href'] = self.env.href.attachment('ticket', id)
+        if self.perm.has_permission(perm.TICKET_ATTACH):
+            req.hdf['ticket.attach_href'] = self.env.href.attachment('ticket', id)
+
+        # Add the possible workflow paths to hdf
+        for action in get_ticket_actions(ticket,self.perm):
+            req.hdf['ticket.workflow.' + action] = '1'
 
     def render(self, req):
         self.perm.assert_permission (perm.TICKET_VIEW)
@@ -530 +564 @@
         else:
             req.hdf['ticket.reassign_owner'] = req.authname
 
-        self.insert_ticket_data(req, id, ticket, reporter_id)
+        self.insert_ticket_data(req, id, ticket, reporter_id)
 
         # If the ticket is being shown in the context of a query, add
         # links to help navigate in the query result set

templates/ticket.cs

@@ -128 +128 @@
  /each ?></div><?cs
 /if ?>
 
-<?cs if $trac.acl.TICKET_MODIFY ?>
+<?cs if $trac.acl.TICKET_EDIT || $trac.acl.TICKET_APPEND ?>
 <form action="<?cs var:cgi_location ?>#preview" method="post">
  <hr />
  <h3><a name="edit" onfocus="document.getElementById('comment').focus()">Add/Change #<?cs
@@ -155 +155 @@
   /if ?>
  </div>
 
+ <?cs if $trac.acl.TICKET_EDIT ?>
  <fieldset id="properties">
   <legend>Change Properties</legend>
   <div class="main">
@@ -203 +204 @@
    <?cs call:ticket_custom_props(ticket) ?>
   </div><?cs /if ?>
  </fieldset>
+ <?cs /if ?>
 
+ <?cs if ticket.workflow.accept || ticket.workflow.reopen || ticket.workflow.resolve || ticket.workflow.reassign ?>
  <fieldset id="action">
   <legend>Action</legend><?cs
   if:!ticket.action ?><?cs set:ticket.action = 'leave' ?><?cs
@@ -214 +217 @@
      /if ?> /><?cs
   /def ?>
   <?cs call:action_radio('leave') ?>
-  <label for="leave">leave as <?cs var:ticket.status ?></label><br /><?cs
-  if $ticket.status == "new" ?>
-   <?cs call:action_radio('accept') ?>
-   <label for="accept">accept ticket</label><br /><?cs
+    <label for="leave">leave as <?cs var:ticket.status ?></label><br /><?cs
+  if ticket.workflow.accept ?><?cs
+    call:action_radio('accept') ?>
+    <label for="accept">accept ticket</label><br /><?cs
   /if ?><?cs
-  if $ticket.status == "closed" ?>
-   <?cs call:action_radio('reopen') ?>
-   <label for="reopen">reopen ticket</label><br /><?cs
+  if ticket.workflow.reopen ?><?cs
+    call:action_radio('reopen') ?>
+    <label for="reopen">reopen ticket</label><br /><?cs
   /if ?><?cs
-  if $ticket.status == "new" || $ticket.status == "assigned" || $ticket.status == "reopened" ?>
-   <?cs call:action_radio('resolve') ?>
-   <label for="resolve">resolve</label>
-   <label for="resolve_resolution">as:</label>
-   <?cs call:hdf_select(enums.resolution, "resolve_resolution", args.resolve_resolution, 0) ?><br />
-   <?cs call:action_radio('reassign') ?>
-   <label for="reassign">reassign</label>
-   <label>to:<?cs
-   if:len(ticket.users) ?><?cs
-    call:hdf_select(ticket.users, "reassign_owner", ticket.reassign_owner, 0) ?><?cs
-   else ?>
-    <input type="text" id="reassign_owner" name="reassign_owner" size="40" value="<?cs
-      var:ticket.reassign_owner ?>" /><?cs
-   /if ?></label><?cs
+  if ticket.workflow.resolve ?><?cs
+    call:action_radio('resolve') ?>
+    <label for="resolve">resolve</label>
+    <label for="resolve_resolution">as:</label>
+    <?cs call:hdf_select(enums.resolution, "resolve_resolution", args.resolve_resolution, 0) ?><br /><?cs
   /if ?><?cs
-  if $ticket.status == "new" || $ticket.status == "assigned" || $ticket.status == "reopened" ?>
-   <script type="text/javascript">
-     var resolve = document.getElementById("resolve");
-     var reassign = document.getElementById("reassign");
-     var updateActionFields = function() {
-       enableControl('resolve_resolution', resolve.checked);
-       enableControl('reassign_owner', reassign.checked);
+  if ticket.workflow.reassign ?><?cs
+    call:action_radio('reassign') ?>
+    <label for="reassign">reassign</label>
+    <label>to:<?cs
+    if:len(ticket.users) ?><?cs
+     call:hdf_select(ticket.users, "reassign_owner", ticket.reassign_owner, 0) ?><?cs
+    else ?>
+     <input type="text" id="reassign_owner" name="reassign_owner" size="40" value="<?cs
+       var:ticket.reassign_owner ?>" /><?cs
+    /if ?></label><?cs
+  /if ?><?cs
+  if ticket.workflow.resolve || ticket.workflow.reassign ?>
+   <script type="text/javascript"><?cs
+   if ticket.workflow.resolve ?>
+     var resolve = document.getElementById("resolve");<?cs
+   /if ?><?cs
+   if ticket.workflow.reassign ?>
+     var reassign = document.getElementById("reassign");<?cs
+   /if ?>
+     var updateActionFields = function() {<?cs
+   if ticket.workflow.resolve ?>
+       enableControl('resolve_resolution', resolve.checked);<?cs
+   /if ?><?cs
+   if ticket.workflow.reassign ?>
+       enableControl('reassign_owner', reassign.checked);<?cs
+   /if ?>
      };
      addEvent(window, 'load', updateActionFields);
      addEvent(document.getElementById("leave"), 'click', updateActionFields);<?cs
-    if $ticket.status == "new" ?>
+   if ticket.workflow.accept ?>
      addEvent(document.getElementById("accept"), 'click', updateActionFields);<?cs
-    /if ?>
-    addEvent(resolve, 'click', updateActionFields);
-    addEvent(reassign, 'click', updateActionFields);
+   /if ?><?cs
+   if ticket.workflow.resolve ?>
+           addEvent(resolve, 'click', updateActionFields);<?cs
+         /if ?><?cs
+         if ticket.workflow.reopen ?>
+           addEvent(document.getElementById("reopen"), 'click', updateActionFields);<?cs
+         /if ?><?cs
+         if ticket.workflow.reassign ?>
+           addEvent(reassign, 'click', updateActionFields);<?cs
+   /if ?>
    </script><?cs
   /if ?>
  </fieldset>
+ <?cs else ?>
+ <input type="hidden" name="action" value="leave" />
+ <?cs /if ?>
 
  <script type="text/javascript" src="<?cs
    var:htdocs_location ?>js/wikitoolbar.js"></script>
@@ -263 +286 @@
  <div class="buttons">
   <input type="reset" value="Reset" />&nbsp;
   <input type="submit" name="preview" value="Preview" />&nbsp;
-  <input type="submit" value="Submit changes" /> 
+  <input type="submit" value="Submit changes" />
  </div>
 </form>
 <?cs /if ?>