Edgewall Software

Changes between Version 4 and Version 5 of CookBook/PermissionPolicies


Ignore:
Timestamp:
Mar 9, 2017, 7:28:19 PM (7 years ago)
Author:
Peter Suter
Comment:

Add GrantTicketOwnerPermissionsPolicy example

Legend:

Unmodified
Added
Removed
Modified

  • CookBook/PermissionPolicies

    v4 v5  
    6363 1. Grant the `TICKET_CHANGE_STATE` permission to your users.
    6464
     65== Grant a permission to the Ticket Owner
     66
     67This permissions policy can be used to grant permissions to the ticket's owner.
     68
     69To install and activate the plugin:
     70 1. Create a [TracDev/PluginDevelopment#Singlefileplugins single file plugin] that implements [wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionPolicy IPermissionPolicy]:
     71{{{#!python
     72# -*- coding: utf-8 -*-
     73#
     74# Copyright (C) 2014 Edgewall Software
     75# All rights reserved.
     76#
     77# This software is licensed as described in the file COPYING, which
     78# you should have received as part of this distribution. The terms
     79# are also available at http://trac.edgewall.org/wiki/TracLicense.
     80#
     81# This software consists of voluntary contributions made by many
     82# individuals. For the exact contribution history, see the revision
     83# history and logs, available at http://trac.edgewall.org/log/.
     84
     85from trac.core import *
     86from trac.perm import IPermissionPolicy
     87from trac.ticket.model import Ticket
     88
     89
     90class GrantTicketOwnerPermissionsPolicy(Component):
     91    """Grants permissions to the ticket owner."""
     92
     93    implements(IPermissionPolicy)
     94
     95    allowed_actions = (
     96        'TICKET_CHGPROP',
     97        'TICKET_EDIT_CC',
     98        'TICKET_EDIT_DESCRIPTION',
     99        'TICKET_EDIT_COMMENT')
     100
     101    # IPermissionPolicy methods
     102
     103    def check_permission(self, action, username, resource, perm):
     104        if action in self.allowed_actions \
     105                and resource is not None \
     106                and resource.realm == 'ticket' \
     107                and resource.id is not None:
     108            ticket = Ticket(self.env, resource.id)
     109            return ticket['owner'] == username
     110        return None
     111}}}
     112 1. Edit the `permission_policies` option in the [TracIni#trac-section "[trac]"] section of trac.ini, adding the component ''before'' the default [TracPermissions permission] policy:
     113 {{{#!ini
     114 [trac]
     115 permission_policies = GrantTicketOwnerPermissionsPolicy, ...
     116}}}
     117
     118==== Variations
     119* Remove permissions from the `allowed_actions` or add others.
     120* Change `ticket['owner']` to `ticket['reporter']` to grant the permissions to the Ticket Reporter instead.
     121
    65122----
    66123