Restrict users from seeing tickets that are not their own

[tdussa@…]

We'd like to prohibit users from seeing tickets that they did not report. (Obviously, some users with proper permissions would need to be exempt from this rule.)

I believe that this can be done if users come through the reporting facility by disallowing users to create their own custom queries and offering only queries which contain SQL statements to the desired effect.

However, as far as I see, this will not prevent users from looking up tickets directly with the proper URL.

Would there be an easy way to implement such a privilege?

[cboos]

The WorkFlow and PermissionPolicy sandboxes provide capabilities which would make this possible. However, this comes up so frequently that I think we should consider having a simple configuration setting part of the core ticket module, for implementing this behavior.

[Noah Kantrowitz (coderanger) <coderanger@…>]

This is implemented in the PrivateTickets plugin.

[cboos]

Well, like I said in comment:1, I also would like to have this capability in Trac core, using a:

[tickets]
private_tickets = true

setting or something similar (with no additional permissions setup required). Only the developers (those with TICKET_ADMIN privilege) would be able to see all tickets, regardless of who's the reporter.

This will be useful for Trac setups in commercial environments and I think this should come out-of-the-box with minimal setup required.

[cboos]

See related #2393, where it's the same problematic but for the 'TICKET_APPEND' privilege.

[cboos]

This is actually a duplicate of #1316.