|Version 2 (modified by 7 years ago) ( diff ),|
Custom Permission Policies
Permission policies were introduced on the TracFineGrainedPermissions page. Many policies can be implemented with a short plugin. Some custom permission policy examples are given on this page.
Restrict a Workflow Action to the Ticket Owner
This permissions policy can be used to restrict a workflow action to the ticket's owner.
To install and activate the plugin:
- Create a single file plugin that implements IPermissionPolicy and IPermissionRequestor:
# -*- coding: utf-8 -*- # # Copyright (C) 2014 Edgewall Software # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at http://trac.edgewall.org/wiki/TracLicense. # # This software consists of voluntary contributions made by many # individuals. For the exact contribution history, see the revision # history and logs, available at http://trac.edgewall.org/log/. from trac.core import * from trac.perm import IPermissionPolicy, IPermissionRequestor from trac.ticket.model import Ticket class RestrictTicketActionsPolicy(Component): """Provides a permission for restricting ticket actions to the ticket owner. """ implements(IPermissionPolicy, IPermissionRequestor) # IPermissionRequestor methods def get_permission_actions(self): return ['TICKET_CHANGE_STATE'] # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if action == 'TICKET_CHANGE_STATE' \ and resource is not None \ and resource.realm == 'ticket' \ and resource.id is not None: ticket = Ticket(self.env, resource.id) return ticket['owner'] == username return None
- Edit the
permission_policiesoption in the [trac] section of trac.ini, adding the component before the default permission policy:
[trac] permission_policies = RestrictTicketActions, ...
TICKET_CHANGE_STATEfor one or more workflow actions. For example, the default workflow could be modified so that only the ticket owner can assign tickets:
-reassign.permissions = TICKET_MODIFY +reassign.permissions = TICKET_CHANGE_STATE
- Grant the
TICKET_CHANGE_STATEpermission to your users.