Edgewall Software
Modify

Opened 18 years ago

Closed 17 years ago

#2393 closed enhancement (fixed)

Access control for ticket reporters

Reported by: robert@… Owned by: Jonas Borgström
Priority: normal Milestone:
Component: ticket system Version: 0.9
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

It would be nice to have access control such that users can add comments to tickets they have reported, but not to other tickets.

How it might work

Scenario

Alice, Bob and Charlie are logged in to Trac and looking at the same ticket. Bob is a member of the staff group, which has TICKET_MODIFY permission.

Ticket

Reported by
Alice
Assigned to
Bob

Consequences

Alice is not a member of the staff group. She can still comment on this ticket, because she reported it.

Bob can comment on this ticket, because he is a member of the staff group.

Charlie can not comment on this ticket, because he is neither a member of staff nor the reporter of the ticket.

Attachments (0)

Change History (3)

comment:1 by robert@…, 18 years ago

A special pseudo-group, owner could be used to assign permissions in this situation. Administrators would not add users to this group — membership would only be transient.

$ trac-admin /path/to/projenv permission add owner TICKET_APPEND

Trac would consider a user to be a member of the owner group when she is the reporter (or asignee) of the ticket being modified.

Even better, how about two pseudo-groups reporter and assignee?

It would be worth considering how the other components of the system might work with such an approach.

comment:2 by sid, 17 years ago

You can accomplish this (or a very similar process) by:

  1. Giving users the TICKET_APPEND permission
  2. Installing the PrivateTicketsPlugin
  3. Giving users the TICKET_VIEW_REPORTER permission

So the reporter will be able to append comments to their tickets only.

The potential downside of this approach is that the user will only be able to view their tickets, not all tickets. But you can talk to Noah about extending the plugin if we need this fixed.

See also #3466 which proposes to merge the PrivateTicketsPlugin functionality into Trac core.

comment:3 by Christian Boos, 17 years ago

Resolution: fixed
Status: newclosed

See rather #1316.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.