Ticket #2393 (closed enhancement: fixed)
Opened 6 years ago
Last modified 5 years ago
Access control for ticket reporters
| Reported by: | robert@… | Owned by: | jonas |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | ticket system | Version: | 0.9 |
| Severity: | normal | Keywords: | |
| Cc: | | | |
| Release Notes: | | | |
| API Changes: | | | |
Description
It would be nice to have access control such that users can add comments to tickets they have reported, but not to other tickets.
How it might work
Scenario
Alice, Bob and Charlie are logged in to Trac and looking at the same ticket. Bob is a member of the staff group, which has TICKET_MODIFY permission.
Ticket
- Reported by
- Alice
- Assigned to
- Bob
Consequences
Alice is not a member of the staff group. She can still comment on this ticket, because she reported it.
Bob can comment on this ticket, because he is a member of the staff group.
Charlie cannot comment on this ticket, because he is neither a member of staff nor the reporter of the ticket.
Attachments
Change History
comment:1 Changed 6 years ago by robert@…
comment:2 Changed 5 years ago by sid
You can accomplish this (or a very similar process) by:
- Giving users the TICKET_APPEND permission
- Installing the PrivateTicketsPlugin
- Giving users the TICKET_VIEW_REPORTER permission
So the reporter will be able to append comments to their tickets only.
The potential downside of this approach is that the user will only be able to view their tickets, not all tickets. But you can talk to Noah about extending the plugin if we need this fixed.
See also #3466 which proposes to merge the PrivateTicketsPlugin functionality into Trac core.
comment:3 Changed 5 years ago by cboos
- Resolution set to fixed
- Status changed from new to closed
See rather #1316.



A special pseudo-group, owner, could be used to assign permissions in this situation. Administrators would not add users to this group -- membership would only be transient.
Trac would consider a user to be a member of the owner group when she is the reporter (or assignee) of the ticket being modified.
Even better, how about two pseudo-groups reporter and assignee?
It would be worth considering how the other components of the system might work with such an approach.
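The two pseudo-groups proposed above, worked through for the Alice/Bob/Charlie scenario. This is an added example, not Trac code and not part of the ticket: it is a stand-alone model, and `Ticket`, `effective_groups`, `can_comment`, the tables and the grant of TICKET_APPEND to the pseudo-groups are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: which group holds which permission.
# TICKET_MODIFY and TICKET_APPEND are the permission names used on this page;
# granting TICKET_APPEND to "reporter"/"assignee" is an assumption.
GROUP_PERMISSIONS = {
    "staff": {"TICKET_MODIFY"},
    "reporter": {"TICKET_APPEND"},
    "assignee": {"TICKET_APPEND"},
}
# Static membership set by an administrator. Pseudo-groups never belong here.
STATIC_GROUPS = {"bob": {"staff"}}
PSEUDO_GROUPS = {"reporter", "assignee"}
# Permissions that allow adding a comment in this model.
COMMENT_PERMISSIONS = {"TICKET_APPEND", "TICKET_MODIFY"}


@dataclass(frozen=True)
class Ticket:
    reporter: str
    assignee: str


def effective_groups(user, ticket):
    """Static groups plus transient pseudo-groups derived from the ticket."""
    # Drop any pseudo-group name that leaked into the static table, so that
    # membership can only come from the ticket being accessed.
    groups = set(STATIC_GROUPS.get(user, ())) - PSEUDO_GROUPS
    # An empty user name must never match an empty ticket field.
    if user and user == ticket.reporter:
        groups.add("reporter")
    if user and user == ticket.assignee:
        groups.add("assignee")
    return groups


def can_comment(user, ticket):
    """True if any effective group grants a comment-capable permission."""
    granted = set()
    for group in effective_groups(user, ticket):
        granted |= GROUP_PERMISSIONS.get(group, set())
    return bool(granted & COMMENT_PERMISSIONS)
```

Because membership is computed per ticket, the same user gets a different answer on a ticket reported by someone else, which is the behaviour the scenario asks for.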