Changes between Version 100 and Version 101 of TracPermissions
- Timestamp:
- Mar 19, 2017, 2:22:25 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracPermissions
v100 v101 14 14 15 15 To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below): 16 {{{ 17 16 {{{#!sh 17 $ trac-admin /path/to/projenv permission add bob TRAC_ADMIN 18 18 }}} 19 19 … … 36 36 === Repository Browser 37 37 38 || `BROWSER_VIEW` || View directory listings in the [ wiki:TracBrowser repository browser] ||39 || `LOG_VIEW` || View revision logs of files and directories in the [ wiki:TracBrowser repository browser] ||40 || `FILE_VIEW` || View files in the [ wiki:TracBrowser repository browser] ||41 || `CHANGESET_VIEW` || View [ wiki:TracChangeset repository check-ins] ||38 || `BROWSER_VIEW` || View directory listings in the [TracBrowser repository browser] || 39 || `LOG_VIEW` || View revision logs of files and directories in the [TracBrowser repository browser] || 40 || `FILE_VIEW` || View files in the [TracBrowser repository browser] || 41 || `CHANGESET_VIEW` || View [TracChangeset repository check-ins] || 42 42 43 43 === Ticket System 44 44 45 || `TICKET_VIEW` || View existing [ wiki:TracTickets tickets] and perform [wiki:TracQuery ticket queries] ||46 || `TICKET_CREATE` || Create new [ wiki:TracTickets tickets] ||47 || `TICKET_APPEND` || Add comments or attachments to [ wiki:TracTickets tickets] ||48 || `TICKET_CHGPROP` || Modify [ wiki:TracTickets ticket] properties (priority, assignment, keywords, etc.) with the following exceptions: edit description field, add/remove other users from cc field when logged in, and set email to pref ||49 || `TICKET_MODIFY` || Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, and in addition allows resolving [ wiki:TracTickets tickets]. Tickets can be assigned to users through a [TracTickets#Assign-toasDrop-DownList drop-down list] when the list of possible owners has been restricted. ||45 || `TICKET_VIEW` || View existing [TracTickets tickets] and perform [TracQuery ticket queries] || 46 || `TICKET_CREATE` || Create new [TracTickets tickets] || 47 || `TICKET_APPEND` || Add comments or attachments to [TracTickets tickets] || 48 || `TICKET_CHGPROP` || Modify [TracTickets ticket] properties (priority, assignment, keywords, etc.) with the following exceptions: edit description field, add/remove other users from cc field when logged in, and set email to pref || 49 || `TICKET_MODIFY` || Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, and in addition allows resolving [TracTickets tickets]. Tickets can be assigned to users through a [TracTickets#Assign-toasDrop-DownList drop-down list] when the list of possible owners has been restricted. || 50 50 || `TICKET_EDIT_CC` || Full modify cc field || 51 51 || `TICKET_EDIT_DESCRIPTION` || Modify description field || 52 52 || `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. || 53 || `TICKET_BATCH_MODIFY` || [ wiki:TracBatchModify Batch modify] tickets ||53 || `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets || 54 54 || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user (it will appear that another user created the ticket). It also allows managing ticket properties through the web administration module. || 55 55 … … 63 63 || `MILESTONE_DELETE` || Delete milestones || 64 64 || `MILESTONE_ADMIN` || All `MILESTONE_*` permissions || 65 || `ROADMAP_VIEW` || View the [ wiki:TracRoadmap roadmap] page, is not (yet) the same as MILESTONE_VIEW, see [trac:#4292 #4292] ||65 || `ROADMAP_VIEW` || View the [TracRoadmap roadmap] page, is not (yet) the same as MILESTONE_VIEW, see [trac:#4292 #4292] || 66 66 || `ROADMAP_ADMIN` || to be removed with [trac:#3022 #3022], replaced by MILESTONE_ADMIN || 67 67 68 68 === Reports 69 69 70 || `REPORT_VIEW` || View [ wiki:TracReports reports], i.e. the "view tickets" link. ||71 || `REPORT_SQL_VIEW` || View the underlying SQL query of a [ wiki:TracReports report] ||72 || `REPORT_CREATE` || Create new [ wiki:TracReports reports] ||73 || `REPORT_MODIFY` || Modify existing [ wiki:TracReports reports] ||74 || `REPORT_DELETE` || Delete [ wiki:TracReports reports] ||70 || `REPORT_VIEW` || View [TracReports reports], i.e. the "view tickets" link. || 71 || `REPORT_SQL_VIEW` || View the underlying SQL query of a [TracReports report] || 72 || `REPORT_CREATE` || Create new [TracReports reports] || 73 || `REPORT_MODIFY` || Modify existing [TracReports reports] || 74 || `REPORT_DELETE` || Delete [TracReports reports] || 75 75 || `REPORT_ADMIN` || All `REPORT_*` permissions || 76 76 77 77 === Wiki System 78 78 79 || `WIKI_VIEW` || View existing [ wiki:TracWiki wiki] pages ||80 || `WIKI_CREATE` || Create new [ wiki:TracWiki wiki] pages ||81 || `WIKI_MODIFY` || Change [ wiki:TracWiki wiki] pages ||82 || `WIKI_RENAME` || Rename [ wiki:TracWiki wiki] pages ||83 || `WIKI_DELETE` || Delete [ wiki:TracWiki wiki] pages and attachments ||79 || `WIKI_VIEW` || View existing [TracWiki wiki] pages || 80 || `WIKI_CREATE` || Create new [TracWiki wiki] pages || 81 || `WIKI_MODIFY` || Change [TracWiki wiki] pages || 82 || `WIKI_RENAME` || Rename [TracWiki wiki] pages || 83 || `WIKI_DELETE` || Delete [TracWiki wiki] pages and attachments || 84 84 || `WIKI_ADMIN` || All `WIKI_*` permissions, plus the management of ''readonly'' pages. || 85 85 … … 92 92 === Others 93 93 94 || `TIMELINE_VIEW` || View the [ wiki:TracTimeline timeline] page ||95 || `SEARCH_VIEW` || View and execute [ wiki:TracSearch search] queries ||94 || `TIMELINE_VIEW` || View the [TracTimeline timeline] page || 95 || `SEARCH_VIEW` || View and execute [TracSearch search] queries || 96 96 || `CONFIG_VIEW` || Enables additional pages on ''About Trac'' that show the current configuration or the list of installed plugins || 97 || `EMAIL_VIEW` || Shows email addresses even if [ wiki:TracIni#trac-section trac show_email_addresses] configuration option is false ||97 || `EMAIL_VIEW` || Shows email addresses even if [TracIni#trac-section trac show_email_addresses] configuration option is false || 98 98 99 99 == Creating New Privileges 100 100 101 To create custom permissions, for example to be used in a custom workflow, enable the optional [trac:ExtraPermissionsProvider tracopt.perm.config_perm_provider.ExtraPermissionsProvider] component in the "Plugins" admin panel, and add the desired permissions to the `[extra-permissions]` section in your [ wiki:TracIni#extra-permissions-section trac.ini]. For more information, please refer to the documentation on the [wiki:TracIni#extra-permissions-section TracIni] page after enabling the component.101 To create custom permissions, for example to be used in a custom workflow, enable the optional [trac:ExtraPermissionsProvider tracopt.perm.config_perm_provider.ExtraPermissionsProvider] component in the "Plugins" admin panel, and add the desired permissions to the `[extra-permissions]` section in your [TracIni#extra-permissions-section trac.ini]. For more information, please refer to the documentation on the [TracIni#extra-permissions-section TracIni] page after enabling the component. 102 102 103 103 == Granting Privileges 104 104 105 You grant privileges to users using [ wiki:TracAdmin trac-admin]. The current set of privileges can be listed with the following command:106 {{{ 107 105 You grant privileges to users using [TracAdmin trac-admin]. The current set of privileges can be listed with the following command: 106 {{{#!sh 107 $ trac-admin /path/to/projenv permission list 108 108 }}} 109 109 110 110 This command will allow the user ''bob'' to delete reports: 111 {{{ 112 111 {{{#!sh 112 $ trac-admin /path/to/projenv permission add bob REPORT_DELETE 113 113 }}} 114 114 115 115 The `permission add` command also accepts multiple privilege names: 116 {{{ 117 116 {{{#!sh 117 $ trac-admin /path/to/projenv permission add bob REPORT_DELETE WIKI_CREATE 118 118 }}} 119 119 120 120 Or add all privileges: 121 {{{ 122 121 {{{#!sh 122 $ trac-admin /path/to/projenv permission add bob TRAC_ADMIN 123 123 }}} 124 124 … … 135 135 136 136 Permissions can be grouped together to form roles such as ''developer'', ''admin'', etc. 137 {{{ 138 139 140 141 142 137 {{{#!sh 138 $ trac-admin /path/to/projenv permission add developer WIKI_ADMIN 139 $ trac-admin /path/to/projenv permission add developer REPORT_ADMIN 140 $ trac-admin /path/to/projenv permission add developer TICKET_MODIFY 141 $ trac-admin /path/to/projenv permission add bob developer 142 $ trac-admin /path/to/projenv permission add john developer 143 143 }}} 144 144 … … 149 149 150 150 The following will add ''bob'' to the new group called ''beta_testers'' and then will assign WIKI_ADMIN permissions to that group. (Thus, ''bob'' will inherit the WIKI_ADMIN permission) 151 {{{ 152 $ trac-admin /path/to/projenv permission add bob beta_testers 153 $ trac-admin /path/to/projenv permission add beta_testers WIKI_ADMIN 154 151 {{{#!sh 152 $ trac-admin /path/to/projenv permission add bob beta_testers 153 $ trac-admin /path/to/projenv permission add beta_testers WIKI_ADMIN 155 154 }}} 156 155 … … 160 159 161 160 This command will prevent the user ''bob'' from deleting reports: 162 {{{ 163 161 {{{#!sh 162 $ trac-admin /path/to/projenv permission remove bob REPORT_DELETE 164 163 }}} 165 164 … … 167 166 168 167 You can also remove all privileges for a specific user: 169 {{{ 170 168 {{{#!sh 169 $ trac-admin /path/to/projenv permission remove bob '*' 171 170 }}} 172 171 173 172 Or one privilege for all users: 174 {{{ 175 173 {{{#!sh 174 $ trac-admin /path/to/projenv permission remove '*' REPORT_ADMIN 176 175 }}} 177 176 … … 183 182 '''anonymous''' 184 183 {{{ 185 186 187 188 189 190 191 192 193 194 195 196 184 BROWSER_VIEW 185 CHANGESET_VIEW 186 FILE_VIEW 187 LOG_VIEW 188 MILESTONE_VIEW 189 REPORT_SQL_VIEW 190 REPORT_VIEW 191 ROADMAP_VIEW 192 SEARCH_VIEW 193 TICKET_VIEW 194 TIMELINE_VIEW 195 WIKI_VIEW 197 196 }}} 198 197 199 198 '''authenticated''' 200 199 {{{ 201 202 203 204 200 TICKET_CREATE 201 TICKET_MODIFY 202 WIKI_CREATE 203 WIKI_MODIFY 205 204 }}} 206 205 ----