Edgewall Software

Opened 12 years ago

Closed 12 years ago

Last modified 4 months ago

#9392 closed defect (worksforme)

workflow multi-permissions work incorrect

Reported by: airsnake78@… Owned by:
Priority: normal Milestone:
Component: ticket system Version: 0.12dev
Severity: normal Keywords:
Cc: Eli Carter Branch:
Release Notes:
API Changes:
Internal Changes:


I using default workflow handler: ConfigurableTicketWorkflow, and I setting 2 permissions for some actions, like:

accept = assigned -> accepted
accept.operations = set_owner_to_self

I think the user who has both TICKET_MODIFY and MY_CUSTOM_ACTION permissions can take action 'accept', but it's not. And I read the code, I found it's not 'AND' for multi-permissions, but 'OR':

    def _is_action_allowed(self, ticket_perm, required_perms):
        if not required_perms:
            return True
        for permission in required_perms:
            if permission in ticket_perm:
                return True
        return False

Is it a bug? or you design that: if the user just has one of 'accept.permissions', he can do the action 'accept'?

Attachments (0)

Change History (5)

comment:1 by Remy Blank, 12 years ago

Cc: Eli Carter added

I'm pretty sure this is by design. Eli?

in reply to:  1 comment:2 by Eli Carter, 12 years ago

Replying to rblank:

I'm pretty sure this is by design. Eli?

Correct. I had to pick either AND or OR to avoid having to implement something to parse logical expressions with AND, OR, NOT, XOR, NOR, NAND, parens, etc. I picked OR.

Use sample-plugins/permissions/extrapermissionsprovider.py to create a permission and grant that to only those who should have the ability to take that action.

comment:3 by Christian Boos, 12 years ago

See ExtraPermissionsProvider (since Trac 0.12; the sample plugin mentioned above should be used for 0.11).

Last edited 12 years ago by Christian Boos (previous) (diff)

comment:4 by Christian Boos, 12 years ago

Resolution: worksforme
Status: newclosed

comment:5 by airsnake78@…, 12 years ago

Thank you for telling me the design :) And I think it should be mentioned in the document TracWorkflow .

I have tried ExtraPermissionsProvider for a custom permission, but I still have to use two permissions sometimes. For example, I use TICKET_IS_OWNER from VirtualTicketPermissionsPlugin and my custom permission USER_DEVELOPER, to allow the user who has USER_DEVELOPER permission and is the owner of the ticket to do the action 'accept'. I think it is good for this situation if the permissions is AND logic. (easy to combine two(or more) plugins)

My solution is creating a plugin to make a new class ConfigurableTicketWorkflowHack(inherites original ConfigurableTicketWorkflow) which modified to AND logic from OR logic.

Modify Ticket

Change Properties
Set your email in Preferences
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.