Edgewall Software

Changes between Version 6 and Version 7 of CookBook/PermissionPolicies


Timestamp:
Mar 19, 2017, 12:29:38 AM (7 years ago)
Author:
Ryan J Ollos
Comment:

Add permission policy for a support desk.

  • CookBook/PermissionPolicies

    v6 v7  
    121121* Change `ticket['owner']` to `ticket['reporter']` to grant the permissions to the Ticket Reporter instead.
    122122
     123== Support Desk Policy
     124
     125This permission policy allows users to view only tickets they have reported.
     126
     127To install and activate the plugin:
     1281. Create a [TracDev/PluginDevelopment#Singlefileplugins single file plugin] that implements [wiki:TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionPolicy IPermissionPolicy]:
     129{{{#!python
     130# -*- coding: utf-8 -*-
     131#
     132# Copyright (C) 2017 Edgewall Software
     133# All rights reserved.
     134#
     135# This software is licensed as described in the file COPYING, which
     136# you should have received as part of this distribution. The terms
     137# are also available at http://trac.edgewall.org/wiki/TracLicense.
     138#
     139# This software consists of voluntary contributions made by many
     140# individuals. For the exact contribution history, see the revision
     141# history and logs, available at http://trac.edgewall.org/log/.
     142
     143from trac.core import *
     144from trac.perm import IPermissionPolicy, IPermissionRequestor
     145from trac.ticket.model import Ticket
     146
     147
     148class SupportDeskPolicy(Component):
     149    """Provides a permission for restricting ticket actions to the
     150    ticket owner.
     151    """
     152
     153    implements(IPermissionPolicy, IPermissionRequestor)
     154
     155    # IPermissionRequestor methods
     156
     157    def get_permission_actions(self):
     158        return ['TICKET_VIEW_REPORTED']
     159
     160    # IPermissionPolicy methods
     161
     162    def check_permission(self, action, username, resource, perm):
     163        if username != 'anonymous' and \
     164                action == 'TICKET_VIEW' and \
     165                resource is not None and \
     166                resource.realm == 'ticket' and \
     167                resource.id is not None and \
     168                'TICKET_VIEW_REPORTED' in perm:
     169            ticket = Ticket(self.env, resource.id)
     170            return ticket['reporter'] == username
     171}}}
     1721. Revoke `TICKET_VIEW` and grant `TICKET_VIEW_REPORTED` for users that should only view tickets they reported.
     1731. Grant other permissions such as `TICKET_CHGPROP`, `TICKET_APPEND` or `TICKET_MODIFY`. Users can only change tickets they can view, therefore you'll only be granting these permissions for tickets the user reported.
     174
    123175----
    124176
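Review bot: The class docstring of `SupportDeskPolicy` says the permission restricts ticket actions "to the ticket owner", but `check_permission` compares `ticket['reporter']` with the username and only handles `TICKET_VIEW`; reword it along the lines of "restricting ticket viewing to the ticket reporter" so the docstring matches the check. In the same method, `return ticket['reporter'] == username` yields False rather than None when the user is not the reporter, which is an explicit deny for every account where `'TICKET_VIEW_REPORTED' in perm` holds, including one that still holds `TICKET_VIEW`. If that is intended, state it in step 2; otherwise return None for the non-matching case so later policies decide. The steps under "To install and activate the plugin" also never activate it: add a step telling the reader to list `SupportDeskPolicy` in the `permission_policies` option in trac.ini.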