Edgewall Software

Changes between Version 14 and Version 15 of CookBook/PermissionPolicies


Timestamp: May 10, 2017, 10:43:51 AM (2 years ago)
Author: Ryan J Ollos
Comment: Update permission policy so that search filter is present.

  • CookBook/PermissionPolicies

    v14 v15  
    174174        if username != 'anonymous' and \
    175175                action == 'TICKET_VIEW' and \
    176                 resource is not None and \
    177                 resource.realm == 'ticket' and \
    178                 resource.id is not None and \
    179                 'TICKET_VIEW_REPORTED' in perm:
    180             try:
    181                 ticket = Ticket(self.env, resource.id)
    182             except ResourceNotFound:
    183                 pass
    184             else:
    185                 return ticket['reporter'] == username
     176                'TICKET_ADMIN' not in perm:
     177            if 'TICKET_VIEW_REPORTED' in perm:
     178                if resource is None or \
     179                        resource.realm == 'ticket' and \
     180                        resource.id is None:
     181                    return True
     182                elif resource.realm == 'ticket' and \
     183                        resource.id is not None:
     184                    try:
     185                        ticket = Ticket(self.env, resource.id)
     186                    except ResourceNotFound:
     187                        pass
     188                    else:
     189                        return username in (ticket['reporter'], ticket['owner'])
     190
    186191}}}
    1871921. Edit the `permission_policies` option in the [TracIni#trac-section "[trac]"] section of trac.ini, adding the `SupportDeskPolicy` component ''before'' the default [TracPermissions permission] policy:
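Review bot: at new line 189, `return username in (ticket['reporter'], ticket['owner'])` extends what `TICKET_VIEW_REPORTED` grants from the reporter to the reporter or the owner, and new line 176 exempts anyone with `TICKET_ADMIN`, yet the change comment mentions only the search filter. Both are access changes and should be stated in the comment and in the policy's description, since the permission name still reads as reporter-only. Separately, the condition at new lines 178-180 depends on `and` binding tighter than `or`; writing it as `resource is None or (resource.realm == 'ticket' and resource.id is None)` makes the intended grouping explicit. When the realm is not 'ticket', or the lookup raises `ResourceNotFound`, the block falls through without returning, so a short comment saying that case is deliberately left undecided would help the next reader.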
     
    190195 permission_policies = SupportDeskPolicy, ...
    191196}}}
    192 1. Revoke `TICKET_VIEW` and grant `TICKET_VIEW_REPORTED` for users that should only view tickets they reported.
     1971. Revoke `TICKET_VIEW` and grant `TICKET_VIEW_REPORTED` for users that should only view tickets they reported. Users with `TICKET_VIEW` can view all tickets, provided they don't also have `TICKET_VIEW_REPORTED`.
    1931981. Grant other permissions such as `TICKET_CHGPROP`, `TICKET_APPEND` or `TICKET_MODIFY`. Users can only change tickets they can view, therefore you'll only be granting these permissions for tickets the user reported.
    194199
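Review bot: the reworded step at new line 197 still says these users "should only view tickets they reported", and line 198 says the other permissions apply only "for tickets the user reported", but the policy in this same change returns true for `ticket['owner']` as well as `ticket['reporter']`. Suggest wording both as tickets the user reported or owns, so the documented scope matches what the policy enforces. The added sentence about `TICKET_VIEW` should also say that users with `TICKET_ADMIN` are not restricted, per the new `'TICKET_ADMIN' not in perm` condition.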