[PATCH] Don't allow anonymous users to modify some fields

[Steven R. Loomis <srl@…>]

This patch lets you set a comma separated list of fields that won't be visible at /newticket time to users without TICKET_MODIFY status.

Included is a bonus exception check we received when there were non-numeric ticket numbers.

To use: in trac.ini, we have this line:

[ticket]
not_anon_fields=load,priority,keywords,revw,owner,cc,xref,weeks,milestone

These are fields we do NOT want 'anonymous' users to modify when creating a ticket. (For example, revw is used to mark a ticket with the name of a reviewer.)

Note that there is a default list of fields hidden as well with this patch. The default could be made empty.

[Steven R. Loomis <srl@…>]

8653_not_anon_fields.patch against milestone:0.11.5 r8446

[Ryan Ollos <ryano@…>]

Replying to Steven R. Loomis <srl@…>:

This patch lets you set a comma separated list of fields that won't be visible at /newticket time to users without TICKET_MODIFY status.

If I could make a suggestion … you talk about requiring TICKET_MODIFY permission, but then name the corresponding field not_anon_fields. However, there is no requirement in a Trac installation that TICKET_MODIFY is or is not granted to anonymous users, so you are associating two things that need not be associated.

If this or something similar were to be integrated into Trac, it seems like the field would be more appropriately named something like hide_if_not_ticket_modify.

[Christian Boos]

Also, in Trac proper, I would rather see an extension of the "namespace" to specify what has to be tested, see comment:176:ticket:454.

I'll collect those ideas and write a new proposal in TracDev/Proposals/EvenFinerGrainedPermissions.

[Christian Boos]

Milestone 2.0 deleted

[Christian Boos]

Milestone triaging deleted

[Ryan J Ollos]

#8778 closed as a duplicate.