#9392 closed defect (worksforme)
workflow multi-permissions work incorrect
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | ticket system | Version: | 0.12dev |
| Severity: | normal | Keywords: | |
| Cc: | Eli Carter | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
I using default workflow handler: ConfigurableTicketWorkflow, and I setting 2 permissions for some actions, like:
accept = assigned -> accepted accept.operations = set_owner_to_self accept.permissions = TICKET_MODIFY,MY_CUSTOM_ACTION
I think the user who has both TICKET_MODIFY and MY_CUSTOM_ACTION permissions can take action 'accept', but it's not. And I read the code, I found it's not 'AND' for multi-permissions, but 'OR':
def _is_action_allowed(self, ticket_perm, required_perms):
if not required_perms:
return True
for permission in required_perms:
if permission in ticket_perm:
return True
return False
Is it a bug? or you design that: if the user just has one of 'accept.permissions', he can do the action 'accept'?
Attachments (0)
Change History (5)
follow-up: 2 comment:1 by , 14 years ago
| Cc: | added |
|---|
comment:2 by , 14 years ago
Replying to rblank:
I'm pretty sure this is by design. Eli?
Correct. I had to pick either AND or OR to avoid having to implement something to parse logical expressions with AND, OR, NOT, XOR, NOR, NAND, parens, etc. I picked OR.
Use sample-plugins/permissions/extrapermissionsprovider.py to create a permission and grant that to only those who should have the ability to take that action.
comment:3 by , 14 years ago
See ExtraPermissionsProvider (since Trac 0.12; the sample plugin mentioned above should be used for 0.11).
comment:4 by , 14 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
comment:5 by , 14 years ago
Thank you for telling me the design :) And I think it should be mentioned in the document TracWorkflow .
I have tried ExtraPermissionsProvider for a custom permission, but I still have to use two permissions sometimes. For example, I use TICKET_IS_OWNER from VirtualTicketPermissionsPlugin and my custom permission USER_DEVELOPER, to allow the user who has USER_DEVELOPER permission and is the owner of the ticket to do the action 'accept'. I think it is good for this situation if the permissions is AND logic. (easy to combine two(or more) plugins)
My solution is creating a plugin to make a new class ConfigurableTicketWorkflowHack(inherites original ConfigurableTicketWorkflow) which modified to AND logic from OR logic.
I'm pretty sure this is by design. Eli?