Edgewall Software

Version 1 (modified by Ryan J Ollos, 9 years ago)

Summarized mailing list discussion about RestrictTicketActionsPolicy.

Custom Permission Policies

Permission policies were introduced on the TracFineGrainedPermissions page. Many policies can be implemented with a short plugin. Some custom permission policy examples are given on this page.

Restrict a Workflow Action to the Ticket Owner

This permission policy can be used to restrict a workflow action to the ticket's owner.

To install and activate the plugin:

  1. Create a single-file plugin that implements IPermissionPolicy:
    # -*- coding: utf-8 -*-
    #
    # Copyright (C) 2014 Edgewall Software
    # All rights reserved.
    #
    # This software is licensed as described in the file COPYING, which
    # you should have received as part of this distribution. The terms
    # are also available at http://trac.edgewall.org/wiki/TracLicense.
    #
    # This software consists of voluntary contributions made by many
    # individuals. For the exact contribution history, see the revision
    # history and logs, available at http://trac.edgewall.org/log/.
    
    from trac.core import Component, implements
    from trac.perm import IPermissionPolicy, IPermissionRequestor
    from trac.ticket.model import Ticket
    
    
    class RestrictTicketActionsPolicy(Component):
        """Provides a permission for restricting ticket actions to the
        ticket owner.
        """
    
        implements(IPermissionPolicy, IPermissionRequestor)
    
        # IPermissionRequestor methods
    
        def get_permission_actions(self):
            return ['TICKET_CHANGE_STATE']
    
        # IPermissionPolicy methods
    
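        def check_permission(self, action, username, resource, perm):
            # Decide only fine-grained checks against a specific ticket.
            if action == 'TICKET_CHANGE_STATE' \
                    and resource is not None \
                    and resource.realm == 'ticket' \
                    and resource.id is not None:
                ticket = Ticket(self.env, resource.id)
                # True allows and False denies; either result is final.
                return ticket['owner'] == username
            # Abstain so that the next policy in the list decides.
            return None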
    
  2. Edit the permission_policies option in the [trac] section of trac.ini, adding the component before the default permission policy:
    [trac]
    permission_policies = RestrictTicketActionsPolicy, ...
    
  3. Require TICKET_CHANGE_STATE for one or more workflow actions. For example, the default workflow could be modified so that only the ticket owner can assign tickets:
    -reassign.permissions = TICKET_MODIFY
    +reassign.permissions = TICKET_CHANGE_STATE
    
  4. Grant the TICKET_CHANGE_STATE permission to your users.
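
Why step 2 places the component before the default policy, as an added example (not part of the original page or of Trac's code): a simplified model of the policy chain, assuming policies are consulted in the listed order and the first answer other than None is final. The ticket owners, grants and function names are constructed for illustration.

```python
# Simplified stand-in for Trac's policy chain: policies are consulted in the
# order listed in permission_policies and the first non-None answer wins.
TICKET_OWNERS = {1: "alice"}                     # constructed sample data
GRANTS = {"alice": {"TICKET_CHANGE_STATE"},      # constructed sample grants
          "bob": {"TICKET_CHANGE_STATE"}}


def restrict_ticket_actions(action, username, resource):
    """Same decision logic as the plugin's check_permission above."""
    realm, ticket_id = resource if resource else (None, None)
    if action == "TICKET_CHANGE_STATE" and realm == "ticket" \
            and ticket_id is not None:
        return TICKET_OWNERS.get(ticket_id) == username
    return None                                  # abstain


def default_policy(action, username, resource):
    """Stand-in for the default policy: allow if granted, else abstain."""
    return True if action in GRANTS.get(username, set()) else None


def check(policies, action, username, resource=None):
    """Return the first non-None decision; deny if every policy abstains."""
    for policy in policies:
        decision = policy(action, username, resource)
        if decision is not None:
            return decision
    return False


CORRECT_ORDER = [restrict_ticket_actions, default_policy]
WRONG_ORDER = [default_policy, restrict_ticket_actions]

if __name__ == "__main__":
    ticket = ("ticket", 1)
    for name, chain in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        for user in ("alice", "bob"):
            print(name, user, check(chain, "TICKET_CHANGE_STATE", user, ticket))
```

In the wrong order bob, who holds the grant but does not own the ticket, is allowed, so the owner restriction never takes effect.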

See also: ReadonlySignedTickets policy, mailing list discussion about RestrictTicketActionsPolicy
