Dear Trac users community, I'm facing a problem with my company trac installation. I've got a trac installation with a bunch of registered users (usernames and passwords in /var/trac/main/digest). But whoever the author of a changeset is he is able to close a ticket by including the appropriate command in the commit message. Here are the steps to reproduce:
1) Correctly (I think) set permission checking in trac.ini: root@dev:~# grep commit_ticket_update_check_perms /var/trac/main/conf/trac.ini commit_ticket_update_check_perms = true 2) Clone a test repository and commit and push changes as a user who does not appear anywhere in trac configuration (neither does the email address): toto@sylvain-GC:~/boost-cgi$ git clone ssh://git/boost-cgi toto@sylvain-GC:~/boost-cgi$ git config --global user.name "Toto" toto@sylvain-GC:~/boost-cgi$ git config --global user.email "[email protected]" toto@sylvain-GC:~/boost-cgi$ echo "PLOUF" >> hello && git commit -a -m "close #67" && git push toto@sylvain-GC:~/boost-cgi$ git log -1 commit 37bc8cda563c147ad5d3dec3b032a99d90e74566 Author: Toto <[email protected]> Date: Fri Jul 18 14:22:10 2014 +0200 close #67 3) Watch #67 being closed (mail sent by Trac): #67: test -----------------------+---------------------- Reporter: sylvain | Owner: sylvain Type: defect | Status: closed Priority: major | Milestone: Component: boost-cgi | Resolution: fixed Keywords: | -----------------------+---------------------- Changes (by Toto <[email protected]> <[email protected]>): * status: reopened => closed * resolution: => fixed A peek in source code showed me that Trac checks if the author of the changeset ("Toto", I guess. Or maybe [email protected]? Anyway none has any permission) has permission TICKET_MODIFY. In our installation only "authenticated" users have TICKET_MODIFY permissions. As I could not find this "bug" documented anywhere I'm very much willing to admit I'm doing something wrong... but I'm really clueless. Any guidance would be appreciated. Best regards, Sylvain Raybaud -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
