| Version 7 (modified by , 7 years ago) ( diff ) |
|---|
Custom Permission Policies
Permission policies were introduced on the TracFineGrainedPermissions page. Custom policies can often be implemented with a short plugin. Some custom permission policy examples are given on this page.
Restrict a Workflow Action to the Ticket Owner
This permissions policy can be used to restrict a workflow action to the ticket's owner.
To install and activate the plugin:
- Create a single file plugin that implements IPermissionPolicy and IPermissionRequestor:
# -*- coding: utf-8 -*- # # Copyright (C) 2014 Edgewall Software # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at http://trac.edgewall.org/wiki/TracLicense. # # This software consists of voluntary contributions made by many # individuals. For the exact contribution history, see the revision # history and logs, available at http://trac.edgewall.org/log/. from trac.core import * from trac.perm import IPermissionPolicy, IPermissionRequestor from trac.ticket.model import Ticket class RestrictTicketActionsPolicy(Component): """Provides a permission for restricting ticket actions to the ticket owner. """ implements(IPermissionPolicy, IPermissionRequestor) # IPermissionRequestor methods def get_permission_actions(self): return ['TICKET_CHANGE_STATE'] # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if action == 'TICKET_CHANGE_STATE' \ and resource is not None \ and resource.realm == 'ticket' \ and resource.id is not None: ticket = Ticket(self.env, resource.id) return ticket['owner'] == username return None
- Edit the
permission_policiesoption in the [trac] section of trac.ini, adding the component before the default permission policy:[trac] permission_policies = RestrictTicketActions, ...
- Require
TICKET_CHANGE_STATEfor one or more workflow actions. For example, the default workflow could be modified so that only the ticket owner can assign tickets:-reassign.permissions = TICKET_MODIFY +reassign.permissions = TICKET_CHANGE_STATE
- Grant the
TICKET_CHANGE_STATEpermission to your users.
Grant a permission to the Ticket Owner
This permissions policy can be used to grant permissions to the ticket's owner.
To install and activate the plugin:
- Create a single file plugin that implements IPermissionPolicy:
# -*- coding: utf-8 -*- # # Copyright (C) 2014 Edgewall Software # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at http://trac.edgewall.org/wiki/TracLicense. # # This software consists of voluntary contributions made by many # individuals. For the exact contribution history, see the revision # history and logs, available at http://trac.edgewall.org/log/. from trac.core import * from trac.perm import IPermissionPolicy from trac.ticket.model import Ticket class GrantTicketOwnerPermissionsPolicy(Component): """Grants permissions to the ticket owner.""" implements(IPermissionPolicy) allowed_actions = ( 'TICKET_CHGPROP', 'TICKET_EDIT_CC', 'TICKET_EDIT_DESCRIPTION', 'TICKET_EDIT_COMMENT') # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if action in self.allowed_actions \ and resource is not None \ and resource.realm == 'ticket' \ and resource.id is not None: ticket = Ticket(self.env, resource.id) if ticket['owner'] == username: return True return None
- Edit the
permission_policiesoption in the [trac] section of trac.ini, adding the component before the default permission policy:[trac] permission_policies = GrantTicketOwnerPermissionsPolicy, ...
Variations
- Remove permissions from the
allowed_actionsor add others. - Change
ticket['owner']toticket['reporter']to grant the permissions to the Ticket Reporter instead.
Support Desk Policy
This permission policy allows users to view only tickets they have reported.
To install and activate the plugin:
- Create a single file plugin that implements IPermissionPolicy:
# -*- coding: utf-8 -*- # # Copyright (C) 2017 Edgewall Software # All rights reserved. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms # are also available at http://trac.edgewall.org/wiki/TracLicense. # # This software consists of voluntary contributions made by many # individuals. For the exact contribution history, see the revision # history and logs, available at http://trac.edgewall.org/log/. from trac.core import * from trac.perm import IPermissionPolicy, IPermissionRequestor from trac.ticket.model import Ticket class SupportDeskPolicy(Component): """Provides a permission for restricting ticket actions to the ticket owner. """ implements(IPermissionPolicy, IPermissionRequestor) # IPermissionRequestor methods def get_permission_actions(self): return ['TICKET_VIEW_REPORTED'] # IPermissionPolicy methods def check_permission(self, action, username, resource, perm): if username != 'anonymous' and \ action == 'TICKET_VIEW' and \ resource is not None and \ resource.realm == 'ticket' and \ resource.id is not None and \ 'TICKET_VIEW_REPORTED' in perm: ticket = Ticket(self.env, resource.id) return ticket['reporter'] == username
- Revoke
TICKET_VIEWand grantTICKET_VIEW_REPORTEDfor users that should only view tickets they reported. - Grant other permissions such as
TICKET_CHGPROP,TICKET_APPENDorTICKET_MODIFY. Users can only change tickets they can view, therefore you'll only be granting these permissions for tickets the user reported.
See also: ReadonlySignedTickets policy, mailing list discussion about RestrictTicketActionsPolicy
Note:
See TracWiki
for help on using the wiki.
