Also, it turns out the this bit of code is not working. I thought it was
working, but it turns out the test user (temp1) was not authenticated.
Judging by the log, it seems as though everything is working as you would
expect, temp1 should not be able to edit the request. However, the update
commits and subsequent notifications are sent.
ReadonlySignedTickets.py
{{{
from trac.core import *
from trac.perm import IPermissionPolicy
from trac.ticket.model import Ticket
class ReadonlySignedTickets(Component):
implements(IPermissionPolicy)
def check_permission(self, action, username, resource, perm):
if resource is None or resource.realm != 'ticket' or \
resource.id is None or action == 'TICKET_VIEW' or \
action == 'TRAC_ADMIN' or 'TRAC_ADMIN' in perm:
return None
t = Ticket(self.env, resource.id)
if t['resolution'] == 'signed':
return False
}}}
Trac Log
2014-07-28 14:02:15,937 Trac[blackmagic] DEBUG: Checking permission
TICKET_ADMIN
2014-07-28 14:02:15,938 Trac[blackmagic] DEBUG: type disabled or hidden
2014-07-28 14:02:15,942 Trac[blackmagic] DEBUG: OT: Task
2014-07-28 14:02:15,942 Trac[blackmagic] DEBUG: NEW: Task
2014-07-28 14:02:15,954 Trac[default_workflow] DEBUG:
render_ticket_action_control: action "leave"
2014-07-28 14:02:15,954 Trac[default_workflow] DEBUG:
render_ticket_action_control: action "reopen"
2014-07-28 14:02:15,974 Trac[perm] DEBUG: No policy allowed temp1
performing TICKET_EDIT_COMMENT on <Resource u'ticket:1969'>
On Mon, Jul 28, 2014 at 11:31 AM, Ryan Ollos <[email protected]> wrote:
> On Mon, Jul 28, 2014 at 10:55 AM, Jared Bownds <[email protected]>
> wrote:
>
>> You nailed it! The code below works. However, users are still able to
>> 'edit' their own comments once a ticket is resolved as signed.
>>
>> {{{
>> from trac.core import *
>> from trac.perm import IPermissionPolicy
>> from trac.ticket.model import Ticket
>>
>> class ReadonlySignedTickets(Component):
>> implements(IPermissionPolicy)
>>
>> def check_permission(self, action, username, resource, perm):
>> if resource is None or resource.realm != 'ticket' or \
>> resource.id is None or action == 'TICKET_VIEW' or \
>> action == 'TRAC_ADMIN' or 'TRAC_ADMIN' in perm:
>>
>> return None
>>
>> t = Ticket(self.env, resource.id)
>> if t['resolution'] == 'signed':
>> return False
>> }}}
>>
>
> Peter's plugin shown above work for me on 1.0-stable, and users aren't
> able to edit comments even if they have been granted TICKET_ADMIN. I used
> resolution //signed// rather than //Signed// since all of Trac's predefined
> resolutions are in lowercase.
>
> Which Trac version are you running?
>
> In order to implement your other requirements, it sounds like you'll want
> to:
> * Enable ExtraPermissionsProvider
> [components]
> tracopt.perm.config_perm_provider.extrapermissionsprovider = enabled
>
> * Add the signed permission:
> [extra-permissions]
> _perms = TICKET_SIGNED
>
> * Grant TICKET_SIGNED to the appropriate user.
>
> * Modify your workflow to only allow users with TICKET_SIGNED to resolve
> a ticket as signed. This is where things seem to get a bit tricky. You may
> need to have a workflow state signed rather than using a resolution, but
> that might not work since you probably want tickets to end in the closed
> state. You might need to implement a workflow action to replace
> set_resolution, which does permission checking to decide who can resolve a
> ticket as signed ... or perhaps the permission checking can be done in the
> ReadonlySignedTickets policy as well. I'll have to give that more thought.
>
>
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Trac Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/trac-users/1GNDHTObQKg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/trac-users.
> For more options, visit https://groups.google.com/d/optout.
>
--
Jared Bownds
c. 916-224-2324
e. Jared.Bownds@g <[email protected]>mail.com
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
