Context Navigation

Modify ↓

#8035 closed enhancement (fixed)

query LegacyAttachmentPolicy permissions against parent resource

Reported by:	Stephen Compall <stephen.compall@…>	Owned by:	stephen.compall@…
Priority:	normal	Milestone:	0.11.3
Component:	attachment	Version:	0.11.2.1
Severity:	minor	Keywords:	patch
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

As the idea of LegacyAttachmentPolicy is to link permission to view, change etc attachments to the permission to view, change etc their containing resources, i.e. tickets, wiki pages, and milestones, the resource queried for permission ought to be that parent resource. For example, as ATTACHMENT_VIEW maps to TICKET_VIEW, the TICKET_VIEW should be checked against the ticket resource.

I rely on this in my installation, because I have fine-grained ticket and wiki access policy.

Attachments (1)

legacyattachment-perm-from-parent-resource.diff (2.5 KB ) - added by Stephen Compall <stephen.compall@…> 15 years ago.: patch with unit testing

Download all attachments as: .zip

Change History (5)

by Stephen Compall <stephen.compall@…>, 15 years ago

Attachment:	legacyattachment-perm-from-parent-resource.diff added

patch with unit testing

comment:1 by Stephen Compall <stephen.compall@…>, 15 years ago

Keywords:	patch added

This patch alters LegacyAttachmentPolicy accordingly and adds the test test_legacy_permission_on_parent, with some setUp changes to accommodate.

comment:2 by Remy Blank, 15 years ago

Milestone:	→ 0.11.4
Owner:	set to Remy Blank

Looks good. Adding to to-do.

comment:3 by Remy Blank, 15 years ago

Milestone:	0.11.4 → 0.11.3
Resolution:	→ fixed
Status:	new → closed

Patch applied in [7861]. Thanks!

comment:4 by Remy Blank, 15 years ago

Owner:	changed from Remy Blank to stephen.compall@…

Modify Ticket

Change Properties

Summary:
Description:	As the idea of `LegacyAttachmentPolicy` is to link permission to view, change etc attachments to the permission to view, change etc their containing resources, i.e. tickets, wiki pages, and milestones, the resource queried for permission ought to be that parent resource. For example, as `ATTACHMENT_VIEW` maps to `TICKET_VIEW`, the `TICKET_VIEW` should be checked against the ticket resource. I rely on this in my installation, because I have fine-grained ticket and wiki access policy. You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain stephen.compall@….

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from stephen.compall@… to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: