TICKET_ADMIN privilege allows modifying and even deleting Milestones

[kontakt at meitzner dot net]

Just by accident I figures out that by giving the TICKET_ADMIN privilege to my trac users, I give them all the powers to modify all ticket properties in the Admin Panel. I've seen there are (#6833) and have been (#3163) efforts to allow better control over who is allowed to do that.

What bothers me is that TICKET_ADMIN also seems to allow the user implicitly to modify and even delete Milestones in the "Ticket System" section of the Admin panel. So when I create a Milestone as TRAC_ADMIN, a user having TICKET_ADMIN privileges can delete it, while only having MILESTONE_VIEW privileges additionally.

Am I completely wrong to doubt that this behavior is a feature rather than a bug? At least it—IMHO—is an inconsistency in the privileges, since I do not expect a user having TICKET_ADMIN and MILESTONE_VIEW to effectively be able to change and delete Milestones.

I'm using Trac 0.11.4, please ask me if you need further information. I'd be glad if someone could maybe check and confirm on a vorgin Trac install, since I have a lot of plugins installed which raises the possibility of one of those causing the problem.

Cheerz, Martin

[Remy Blank]

I'll check that.

[Tim Hatch]

Fix other ticket links in description.

[Remy Blank]

Confirmed on 0.11-stable. I'll add the permission checks for MILESTONE_CREATE, MILESTONE_DELETE and MILESTONE_MODIFY in addition to TICKET_ADMIN for the milestone admin panel.

[Remy Blank]

I have added the relevant checks in [8165]. Also, elements for actions that the user cannot perform are either removed or disabled.

[Ryan J Ollos]

#11069 contains some related work and a few refactorings related to [8165].