[Trac] vulnerability_tickets.py

Mon, 24 Oct 2011 05:49:11 -0700 

 Hello,
I look to restrict ticket permission on certain users/groups
I've modified the vulnerability_tickets.py for only hide tickets with [SEC]
in keywords
But i have this error:

> *Trac detected an internal error:*
>
> AttributeError: 'Environment' object has no attribute 'db_query'
>
>
There is my modified code :



from trac.core import *

from trac.perm import IPermissionPolicy, IPermissionRequestor

revision = "$Rev$"

url = "$URL$"

class SecurityTicketsPolicy(Component):

    """Prevent public access to security sensitive tickets.



    Add the VULNERABILITY_VIEW permission as a pre-requisite for any

    other permission check done on tickets that have the words

    "[SEC]" in the summary or keywords fields.

    Once this plugin is enabled, you'll have to insert it at the appropriate

    place in your list of permission policies, e.g.

    {{{

    [trac]

    permission_policies = SecurityTicketsPolicy, AuthzPolicy,

                          DefaultPermissionPolicy, LegacyAttachmentPolicy

    }}}

    """



    implements(IPermissionPolicy, IPermissionRequestor)

    # IPermissionPolicy methods

    def check_permission(self, action, username, resource, perm):

        # We add the 'VULNERABILITY_VIEW' pre-requisite for any action

        # other than 'VULNERABILITY_VIEW' itself, as this would lead

        # to recursion.

        if action == 'VULNERABILITY_VIEW':

            return



        # Check whether we're dealing with a ticket resource

        while resource:

            if resource.realm == 'ticket':

                break

            resource = resource.parent

        if resource and resource.realm == 'ticket' and resource.id is not
> None:

            for keywords, summary in self.env.db_query(

                    "SELECT keywords FROM ticket WHERE id=%s",

                    (resource.id,)):

                fields = ''.join(f for f in (keywords) if f).lower()

                if '[SEC]' in fields:

                    if 'VULNERABILITY_VIEW' not in perm:

                        return False

    # IPermissionRequestor methods

    def get_permission_actions(self):

        yield 'VULNERABILITY_VIEW'


Any ideas ?

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/trac-users?hl=en.

Reply via email to