Changes between Version 2 and Version 3 of Ticket #11069, comment 1
- Timestamp:
- Aug 13, 2013, 6:49:34 AM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #11069, comment 1
v2 v3 4 4 1. To add a subject to a group, the user must have all of the permissions that belong to that group. If not, on the first permission check that fails, an error such as ''TICKET_CREATE privileges are required to perform this operation. You don't have the required permissions.'' will be raised. This seems a bit ambiguous and we might want to improve on the message that is displayed. I think this would typically be confusing to a user as to why they can't add a subject to a group. 5 5 1. The logging panel was missing a permission check for `render_admin_panel` when compared to the `render_admin_panel` method for most of the other panels. However, it appears this permission check is not necessary because `render_admin_panel` won't be called unless `get_admin_panels` yields a tuple, and a permissions check is always done before yielding in `get_admin_panels` ([/browser/trunk/trac/admin/web_ui.py?rev=11054&marks=169#L163 get panels] -> [/browser/trunk/trac/admin/web_ui.py?rev=11054&marks=209-210#L201 check perm] -> [/browser/trunk/trac/admin/web_ui.py?rev=11054&marks=89,123-124#L88 render panels]). Therefore I removed the permission checks for all `render_admin_panels` methods rather than modifying the permissions checks for fine-grained checking. The ticket admin panels don't perform permission checks in `render_admin_panel` or `_render_admin_panel` either, presumably for the reason I've described here. 6 1. The milestone on the Admin Milestone panel are **not** filtered by fine-grained permissions checks, and the panel is only shown if the user has the coarse-grained `MILESTONE_VIEW` permission. I spent some time looking at this, and while I feel that we might want to do fine-grained permission checks on the milestones, it seems like this patch is getting overly complex and I need some other opinions on the matter. I didn't dive into doing fine-grained permission checks on the repositories for the same reason (and because it was making my head spin).6 1. The milestones on the Admin Milestone panel are **not** filtered by fine-grained permissions checks, and the panel is only shown if the user has the coarse-grained `MILESTONE_VIEW` permission. I spent some time looking at this, and while I feel that we might want to do fine-grained permission checks on the milestones, it seems like this patch is getting overly complex and I need some other opinions on the matter. I didn't dive into doing fine-grained permission checks on the repositories for the same reason (and because it was making my head spin). 7 7 8 8 This patch definitely needs a functional test, and may be better broken up into multiple patches. If there is interest in integrating this into the core and I get feedback on the questions I've raised here, I'll continue by generating a new patch or patches.