On Mon, Jul 28, 2014 at 10:55 AM, Jared Bownds <[email protected]>
wrote:
> You nailed it! The code below works. However, users are still able to
> 'edit' their own comments once a ticket is resolved as signed.
>
> {{{
> from trac.core import *
> from trac.perm import IPermissionPolicy
> from trac.ticket.model import Ticket
>
> class ReadonlySignedTickets(Component):
> implements(IPermissionPolicy)
>
> def check_permission(self, action, username, resource, perm):
> if resource is None or resource.realm != 'ticket' or \
> resource.id is None or action == 'TICKET_VIEW' or \
> action == 'TRAC_ADMIN' or 'TRAC_ADMIN' in perm:
>
> return None
>
> t = Ticket(self.env, resource.id)
> if t['resolution'] == 'signed':
> return False
> }}}
>
Peter's plugin shown above work for me on 1.0-stable, and users aren't able
to edit comments even if they have been granted TICKET_ADMIN. I used
resolution //signed// rather than //Signed// since all of Trac's predefined
resolutions are in lowercase.
Which Trac version are you running?
In order to implement your other requirements, it sounds like you'll want
to:
* Enable ExtraPermissionsProvider
[components]
tracopt.perm.config_perm_provider.extrapermissionsprovider = enabled
* Add the signed permission:
[extra-permissions]
_perms = TICKET_SIGNED
* Grant TICKET_SIGNED to the appropriate user.
* Modify your workflow to only allow users with TICKET_SIGNED to resolve a
ticket as signed. This is where things seem to get a bit tricky. You may
need to have a workflow state signed rather than using a resolution, but
that might not work since you probably want tickets to end in the closed
state. You might need to implement a workflow action to replace
set_resolution, which does permission checking to decide who can resolve a
ticket as signed ... or perhaps the permission checking can be done in the
ReadonlySignedTickets policy as well. I'll have to give that more thought.
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
