| 123 | == Support Desk Policy |
| 124 | |
| 125 | This permission policy allows users to view only tickets they have reported. |
| 126 | |
| 127 | To install and activate the plugin: |
| 128 | 1. Create a [TracDev/PluginDevelopment#Singlefileplugins single file plugin] that implements [wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionPolicy IPermissionPolicy]: |
| 129 | {{{#!python |
| 130 | # -*- coding: utf-8 -*- |
| 131 | # |
| 132 | # Copyright (C) 2017 Edgewall Software |
| 133 | # All rights reserved. |
| 134 | # |
| 135 | # This software is licensed as described in the file COPYING, which |
| 136 | # you should have received as part of this distribution. The terms |
| 137 | # are also available at http://trac.edgewall.org/wiki/TracLicense. |
| 138 | # |
| 139 | # This software consists of voluntary contributions made by many |
| 140 | # individuals. For the exact contribution history, see the revision |
| 141 | # history and logs, available at http://trac.edgewall.org/log/. |
| 142 | |
| 143 | from trac.core import * |
| 144 | from trac.perm import IPermissionPolicy, IPermissionRequestor |
| 145 | from trac.ticket.model import Ticket |
| 146 | |
| 147 | |
| 148 | class SupportDeskPolicy(Component): |
| 149 | """Provides a permission for restricting ticket actions to the |
| 150 | ticket owner. |
| 151 | """ |
| 152 | |
| 153 | implements(IPermissionPolicy, IPermissionRequestor) |
| 154 | |
| 155 | # IPermissionRequestor methods |
| 156 | |
| 157 | def get_permission_actions(self): |
| 158 | return ['TICKET_VIEW_REPORTED'] |
| 159 | |
| 160 | # IPermissionPolicy methods |
| 161 | |
| 162 | def check_permission(self, action, username, resource, perm): |
| 163 | if username != 'anonymous' and \ |
| 164 | action == 'TICKET_VIEW' and \ |
| 165 | resource is not None and \ |
| 166 | resource.realm == 'ticket' and \ |
| 167 | resource.id is not None and \ |
| 168 | 'TICKET_VIEW_REPORTED' in perm: |
| 169 | ticket = Ticket(self.env, resource.id) |
| 170 | return ticket['reporter'] == username |
| 171 | }}} |
| 172 | 1. Revoke `TICKET_VIEW` and grant `TICKET_VIEW_REPORTED` for users that should only view tickets they reported. |
| 173 | 1. Grant other permissions such as `TICKET_CHGPROP`, `TICKET_APPEND` or `TICKET_MODIFY`. Users can only change tickets they can view, therefore you'll only be granting these permissions for tickets the user reported. |
| 174 | |