Version 5 (modified by 7 years ago) ( diff ) | ,
---|
Custom Permission Policies
Permission policies were introduced on the TracFineGrainedPermissions page. Custom policies can often be implemented with a short plugin. Some custom permission policy examples are given on this page.
Restrict a Workflow Action to the Ticket Owner
This permissions policy can be used to restrict a workflow action to the ticket's owner.
To install and activate the plugin:
- Create a single file plugin that implements IPermissionPolicy and IPermissionRequestor:
# -*- coding: utf-8 -*- # # Copyright (C) 2014 Edgewall Software # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at http://trac.edgewall.org/wiki/TracLicense. # # This software consists of voluntary contributions made by many # individuals. For the exact contribution history, see the revision # history and logs, available at http://trac.edgewall.org/log/. from trac.core import * from trac.perm import IPermissionPolicy, IPermissionRequestor from trac.ticket.model import Ticket class RestrictTicketActionsPolicy(Component): """Provides a permission for restricting ticket actions to the ticket owner. """ implements(IPermissionPolicy, IPermissionRequestor) # IPermissionRequestor methods def get_permission_actions(self): return ['TICKET_CHANGE_STATE'] # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if action == 'TICKET_CHANGE_STATE' \ and resource is not None \ and resource.realm == 'ticket' \ and resource.id is not None: ticket = Ticket(self.env, resource.id) return ticket['owner'] == username return None
- Edit the
permission_policies
option in the [trac] section of trac.ini, adding the component before the default permission policy:[trac] permission_policies = RestrictTicketActions, ...
- Require
TICKET_CHANGE_STATE
for one or more workflow actions. For example, the default workflow could be modified so that only the ticket owner can assign tickets:-reassign.permissions = TICKET_MODIFY +reassign.permissions = TICKET_CHANGE_STATE
- Grant the
TICKET_CHANGE_STATE
permission to your users.
Grant a permission to the Ticket Owner
This permissions policy can be used to grant permissions to the ticket's owner.
To install and activate the plugin:
- Create a single file plugin that implements IPermissionPolicy:
# -*- coding: utf-8 -*- # # Copyright (C) 2014 Edgewall Software # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at http://trac.edgewall.org/wiki/TracLicense. # # This software consists of voluntary contributions made by many # individuals. For the exact contribution history, see the revision # history and logs, available at http://trac.edgewall.org/log/. from trac.core import * from trac.perm import IPermissionPolicy from trac.ticket.model import Ticket class GrantTicketOwnerPermissionsPolicy(Component): """Grants permissions to the ticket owner.""" implements(IPermissionPolicy) allowed_actions = ( 'TICKET_CHGPROP', 'TICKET_EDIT_CC', 'TICKET_EDIT_DESCRIPTION', 'TICKET_EDIT_COMMENT') # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if action in self.allowed_actions \ and resource is not None \ and resource.realm == 'ticket' \ and resource.id is not None: ticket = Ticket(self.env, resource.id) return ticket['owner'] == username return None
- Edit the
permission_policies
option in the [trac] section of trac.ini, adding the component before the default permission policy:[trac] permission_policies = GrantTicketOwnerPermissionsPolicy, ...
Variations
- Remove permissions from the
allowed_actions
or add others. - Change
ticket['owner']
toticket['reporter']
to grant the permissions to the Ticket Reporter instead.
See also: ReadonlySignedTickets policy, mailing list discussion about RestrictTicketActionsPolicy