Edgewall Software

Version 1 (modified by Ryan J Ollos, 7 years ago) ( diff )

Summarized mailing list discussion about RestrictTicketActionsPolicy.

Custom Permission Policies

Permission policies were introduced on the TracFineGrainedPermissions page. Many policies can be implemented with a short plugin. Some custom permission policy examples are given on this page.

Restrict a Workflow Action to the Ticket Owner

This permissions policy can be used to restrict a workflow action to the ticket's owner.

To install and activate the plugin:

  1. Create a single file plugin that implements IPermissionPolicy:
    # -*- coding: utf-8 -*-
    #
    # Copyright (C) 2014 Edgewall Software
    # All rights reserved.
    #
    # This software is licensed as described in the file COPYING, which
    # you should have received as part of this distribution. The terms
    # are also available at http://trac.edgewall.org/wiki/TracLicense.
    #
    # This software consists of voluntary contributions made by many
    # individuals. For the exact contribution history, see the revision
    # history and logs, available at http://trac.edgewall.org/log/.
    
    from trac.core import *
    from trac.perm import IPermissionPolicy, IPermissionRequestor
    from trac.ticket.model import Ticket
    
    
    class RestrictTicketActionsPolicy(Component):
        """Provides a permission for restricting ticket actions to the
        ticket owner.
        """
    
        implements(IPermissionPolicy, IPermissionRequestor)
    
        # IPermissionRequestor methods
    
        def get_permission_actions(self):
            return ['TICKET_CHANGE_STATE']
    
        # IPermissionPolicy methods
    
        def check_permission(self, action, username, resource, perm):
            if action == 'TICKET_CHANGE_STATE' \
                    and resource is not None \
                    and resource.realm == 'ticket' \
                    and resource.id is not None:
                ticket = Ticket(self.env, resource.id)
                return ticket['owner'] == username
            return None
    
  2. Edit the permission_policies option in the [trac] section of trac.ini, adding the component before the default permission policy:
    [trac]
    permission_policies = RestrictTicketActions, ...
    
  3. Require TICKET_CHANGE_STATE for one or more workflow actions. For example, the default workflow could be modified so that only the ticket owner can assign tickets:
    -reassign.permissions = TICKET_MODIFY
    +reassign.permissions = TICKET_CHANGE_STATE
    
  4. Grant the TICKET_CHANGE_STATE permission to your users.

See also: ReadonlySignedTickets policy, mailing list discussion about RestrictTicketActionsPolicy

Note: See TracWiki for help on using the wiki.