#9392 closed defect (worksforme)
workflow multi-permissions work incorrect
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | ticket system | Version: | 0.12dev |
Severity: | normal | Keywords: | |
Cc: | Eli Carter | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
I am using the default workflow handler, ConfigurableTicketWorkflow, and I set 2 permissions for some actions, like:

```
accept = assigned -> accepted
accept.operations = set_owner_to_self
accept.permissions = TICKET_MODIFY,MY_CUSTOM_ACTION
```

I thought that only a user who has both TICKET_MODIFY and MY_CUSTOM_ACTION permissions could take the action 'accept', but that is not the case. I read the code and found that multiple permissions are combined with 'OR', not 'AND':

```python
def _is_action_allowed(self, ticket_perm, required_perms):
    if not required_perms:
        return True
    # Returns True as soon as any one of the listed permissions is held.
    for permission in required_perms:
        if permission in ticket_perm:
            return True
    return False
```

Is it a bug? Or did you design it so that a user who has just one of 'accept.permissions' can do the action 'accept'?
Attachments (0)
Change History (5)
follow-up: 2 comment:1 by , 15 years ago
Cc: | added |
---|
comment:2 by , 15 years ago
Replying to rblank:
> I'm pretty sure this is by design. Eli?
Correct. I had to pick either AND or OR to avoid having to implement something to parse logical expressions with AND, OR, NOT, XOR, NOR, NAND, parens, etc. I picked OR.
Use sample-plugins/permissions/extrapermissionsprovider.py to create a permission and grant that to only those who should have the ability to take that action.
comment:3 by , 15 years ago
See ExtraPermissionsProvider (since Trac 0.12; the sample plugin mentioned above should be used for 0.11).
comment:4 by , 15 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
comment:5 by , 15 years ago
Thank you for telling me the design :) I think it should be mentioned in the TracWorkflow documentation.
I have tried ExtraPermissionsProvider for a custom permission, but I still have to use two permissions sometimes. For example, I use TICKET_IS_OWNER from VirtualTicketPermissionsPlugin and my custom permission USER_DEVELOPER, to allow the user who has the USER_DEVELOPER permission and is the owner of the ticket to do the action 'accept'. I think AND logic for the permissions would be good for this situation (it makes it easy to combine two (or more) plugins).
My solution is creating a plugin with a new class ConfigurableTicketWorkflowHack (which inherits from the original ConfigurableTicketWorkflow), modified to use AND logic instead of OR logic.
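The OR behaviour discussed in this ticket, shown as an added example that is not part of the ticket and is not Trac's own code: it reads `.permissions` lines from a `[ticket-workflow]` section and lists the users who may take an action while holding only some of the listed permissions. The user names, their grants, the `resolve` action and all helper names are constructed for illustration.

```python
import configparser

# Constructed sample: the workflow lines from the ticket plus one single-permission action.
SAMPLE_INI = """
[ticket-workflow]
accept = assigned -> accepted
accept.operations = set_owner_to_self
accept.permissions = TICKET_MODIFY,MY_CUSTOM_ACTION
resolve = accepted -> closed
resolve.permissions = TICKET_MODIFY
"""

# Constructed users and grants (hypothetical).
SAMPLE_GRANTS = {
    "alice": {"TICKET_MODIFY", "MY_CUSTOM_ACTION"},
    "bob": {"TICKET_MODIFY"},
    "carol": {"TICKET_VIEW"},
}

def allowed_any(user_perms, required):
    """OR semantics, matching the _is_action_allowed code quoted in the ticket."""
    return not required or any(p in user_perms for p in required)

def allowed_all(user_perms, required):
    """AND semantics, which is what the reporter expected."""
    return all(p in user_perms for p in required)

def action_permissions(ini_text):
    """Return {action: [permissions]} from a [ticket-workflow] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    result = {}
    for key, value in cp["ticket-workflow"].items():
        if key.endswith(".permissions"):
            action = key[: -len(".permissions")]
            result[action] = [p.strip() for p in value.split(",") if p.strip()]
    return result

def audit(ini_text, grants):
    """List (action, user) pairs that are allowed under OR but would not be under AND."""
    findings = []
    for action, required in sorted(action_permissions(ini_text).items()):
        if len(required) < 2:
            continue  # both semantics agree for zero or one permission
        for user, perms in sorted(grants.items()):
            if allowed_any(perms, required) and not allowed_all(perms, required):
                findings.append((action, user))
    return findings
```

Each pair returned by `audit` is a place where adding a second permission to the list widened access rather than narrowing it.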