Edgewall Software
Modify

Opened 18 years ago

Closed 16 years ago

#2357 closed defect (worksforme)

restrict_owner lists too many users

Reported by: Norbert Unterberg <nunterberg@…> Owned by: Jonas Borgström
Priority: normal Milestone:
Component: ticket system Version: 0.9
Severity: normal Keywords: documentation
Cc: nunterberg@… Branch:
Release Notes:
API Changes:
Internal Changes:

Description

According to the documentation (see TracTickets), the restict_owner ini setting should add all users that have entered their name and e-mail address. Hoever, the drop-down list on the ticket page lists all users that have ever authenticated, even if they never went to the settings page.

I have entered the query used by the get_known_users function in env.py directly in SQLite (version 3.2.2), and the result is a list with all users, no matter if they entered their e-mail or not. The nested query seems to be failing.

This might look related to #2351 and #1347, but I think it is different.

Attachments (0)

Change History (12)

comment:1 by Norbert Unterberg <nunterberg@…>, 18 years ago

It seems that using INNER JOIN instead of LEFT JOIN does fix it.

comment:2 by Norbert Unterberg <nunterberg@…>, 18 years ago

Cc: nunterberg@… added

comment:3 by markus, 18 years ago

get_known_users' docstring reads as follows:

"""Generator that yields information about all known users, i.e. users
that have logged in to this Trac environment and possibly set their name
and email.
	
[...]
	
"""

So, this is rather a mistake in the TracTickets documentation than in the function itself.

comment:4 by Norbert Unterberg <nunterberg@…>, 18 years ago

However, I would prefer to have the get_known_users' function and docstring corrected and not the wiki documenation, because it makes more sense (at least for us) to allow only users with e-mail addresses as ticket owners.

comment:5 by markus, 18 years ago

Well, after looking through the source it seems like all functions that make use of get_known_users() drop all the users without a name and email set up in the session table (except ticket.api).

However, I'd prefer to leave get_known_users() untouched and …

1) change ticket.api like this:

  • trac/ticket/api.py

     
    5757            field['type'] = 'select'
    5858            users = []
    5959            for username, name, email in self.env.get_known_users(db):
    60                 users.append(username)
     60                if name and email:
     61                    users.append(username)
    6162            field['options'] = users
    6263            field['optional'] = True
    6364        else:

2) enhance WebAdmin in the way that it can enumerate and delete old user information. See #1347.

comment:6 by Christopher Lenz, 18 years ago

Milestone: 0.9.10.9.2

comment:7 by Christopher Lenz, 18 years ago

Milestone: 0.9.31.0

Later.

comment:8 by sid, 17 years ago

Keywords: documentation added

restrict_owner now only shows authenticated Trac users that have TICKET_MODIFY permission.

TracTickets still has conflicting information on the TracTickets section.

If the list of possible ticket owners is finite, you can change the assign-to ticket field from a text input to a drop-down list. This is done by setting the restrict_owner option of the [ticket] section in trac.ini to “true”. In that case, Trac will use the list of all users who have logged in and set their email address to populate the drop-down field.

and then:

To appear in the dropdown list, a user needs be registered with the project, i.e. a user session should exist in the database. Such an entry is automatically created in the database the first time the user submits a change in the project, for example when editing the user's details in the Settings page. Also, the user must have TICKET_MODIFY permissions.

comment:9 by sid, 17 years ago

Oops, appears that the conflicting documentation is already being addressed in #2887.

comment:10 by sid, 17 years ago

Keywords: restrict_owner removed

Proposing to close this as wontfix based on comment:8 and comment:9

comment:11 by jpjoyal@…, 17 years ago

Discussing user need for restrict_owner and ticket assignment. In my organization we want to be able to assign ticket to any developer (trac user that does work) but we don't want anyone being able to change ticket proprieties like milestone. So using another or a new permission (or a completly different way but permission) to filter the list of possible owner seems more appropriate.

in reply to:  10 comment:12 by osimons, 16 years ago

Milestone: 1.0
Resolution: worksforme
Status: newclosed

Replying to sid:

Proposing to close this as wontfix based on comment:8 and comment:9

Agree on closing, but suppose it will be worksforme relative to the original proposal as the feature has been much improved since the ticket was created? I have also touched up that conflicting wiki docs a little.

As for the last comment above, with Trac 0.11 there are ways to do this via plugins. The most natural would be to make a new Permission Policy plugin (TracDev/SecurityBranch) for fine-grained permissions to TICKET_MODIFY - make your own criteria for who should have permission or not. See source:trunk/sample-plugins/permissions for examples.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.