Opened 4 years ago
Last modified 4 years ago
#13316 closed defect
TICKET_CHG_MILESTONE doesn't always restrict changing milestone — at Version 1
Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
---|---|---|---|
Priority: | normal | Milestone: | 1.4.3 |
Component: | ticket system | Version: | |
Severity: | normal | Keywords: | |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |

Description (last modified by )
Noted in gmessage:trac-users:hdQ8IaZYnGc/W7wFxeNhBgAJ, a user can still change the ticket milestone when:

- `TICKET_CHG_MILESTONE` is defined in `[extra-permissions]`.
- The user hasn't been granted `TICKET_CHG_MILESTONE`
- The user has been granted `MILESTONE_VIEW`

`TICKET_CHG_MILESTONE` was implemented in #8778.
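
The three conditions above can be written as a decision matrix of the kind a regression test would walk. This is an added example, not Trac code or the project's patch: `reported_check`, `fixed_check` and `unexpected_grants` are hypothetical names, and the rule that `MILESTONE_VIEW` alone decides when the action is not defined is an assumption of the model.

```python
"""Stand-alone model of the milestone-change decision (does not import Trac)."""

ACTION = "TICKET_CHG_MILESTONE"
VIEW = "MILESTONE_VIEW"


def reported_check(granted, defined_actions):
    """Reported behaviour: MILESTONE_VIEW is honoured even if ACTION is defined."""
    return VIEW in granted or ACTION in granted


def fixed_check(granted, defined_actions):
    """Intended behaviour: once ACTION is defined, only an explicit grant counts."""
    if ACTION in defined_actions:
        return ACTION in granted
    # Assumption of this model: with ACTION undefined, MILESTONE_VIEW decides.
    return VIEW in granted


def cases():
    """Yield (defined, has_chg, has_view) for every reachable combination."""
    for defined in (False, True):
        # An action that is not defined cannot have been granted.
        for has_chg in ((False, True) if defined else (False,)):
            for has_view in (False, True):
                yield defined, has_chg, has_view


def unexpected_grants(check):
    """Return cases where ACTION is defined, not granted, yet still allowed."""
    found = []
    for defined, has_chg, has_view in cases():
        defined_actions = {ACTION} if defined else set()
        granted = set()
        if has_chg:
            granted.add(ACTION)
        if has_view:
            granted.add(VIEW)
        if defined and not has_chg and check(granted, defined_actions):
            found.append((defined, has_chg, has_view))
    return found


if __name__ == "__main__":
    for name, check in (("reported", reported_check), ("fixed", fixed_check)):
        print(name, unexpected_grants(check))
```
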

[982144ae2/rjollos.git] is a draft of the change. Needs test coverage. We should consider adding `PermissionSystem.get_actions()` as a cached property of `PermissionSystem`.

The fix can be applied to earlier versions of Trac by replacing `DefaultTicketPolicy` with the modified policy.

With the change, we fall through to checking whether the user has been granted `TICKET_CHG_MILESTONE` when the action is defined in trac.ini: