When enabling the plugin I can see it is being loaded successfully.  You
said the code below works properly for you?

*Trac log*
2014-07-29 15:36:29,284 Trac[loader] DEBUG: Loading file plugin
ReadonlySignedTickets from /srv/trac/trac/plugins/ReadonlySignedTickets.py

*ReadonlySignedTickets.py*
{{{
from trac.core import *
from trac.perm import IPermissionPolicy
from trac.ticket.model import Ticket

class ReadonlySignedTickets(Component):
    implements(IPermissionPolicy)

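    def check_permission(self, action, username, resource, perm):
        # Abstain (return None) for non-ticket resources, for TICKET_APPEND,
        # and for TRAC_ADMIN checks or users holding TRAC_ADMIN, so that the
        # next policy listed in permission_policies makes the decision.
        if resource is None or resource.realm != 'ticket' or \
           resource.id is None or action == 'TICKET_APPEND' or \
           action == 'TRAC_ADMIN' or 'TRAC_ADMIN' in perm:

            return None

        # Deny every other action on a ticket whose resolution is 'signed'.
        t = Ticket(self.env, resource.id)
        if t['resolution'] == 'signed':
            return False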
}}}

*[trac]*
permission_policies = ReadonlySignedTickets, DefaultPermissionPolicy,
LegacyAttachmentPolicy


On Tue, Jul 29, 2014 at 2:53 PM, Ryan Ollos <[email protected]> wrote:

> On Tue, Jul 29, 2014 at 2:02 PM, Jared Bownds <[email protected]>
> wrote:
>
>> Hi Ryan,
>>
>> Here are the values for permissions_policies in trac.ini and the log
>> results for user temp1 when updating a ticket resolved as "Signed".
>>
>> *[trac]*
>> permission_policies = ReadonlySignedTickets, DefaultPermissionPolicy,
>> LegacyAttachmentPolicy
>>
>> *Log*
>> 2014-07-29 14:00:13,616 Trac[session] DEBUG: Retrieving session for ID
>> u'temp1'
>> 2014-07-29 14:00:13,624 Trac[main] DEBUG: Negotiated locale: None -> en_US
>> 2014-07-29 14:00:13,640 Trac[perm] DEBUG: No policy allowed temp1
>> performing TRAC_ADMIN on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:13,650 Trac[blackmagic] DEBUG: Validating ticket: 1969
>> 2014-07-29 14:00:13,650 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TICKET_ADD_HOURS', 'tip': None, 'label': None,
>> 'ondenial': u'hide', 'disable': False}
>> 2014-07-29 14:00:13,651 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADD_HOURS
>> 2014-07-29 14:00:13,655 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_ADD_HOURS on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:13,655 Trac[blackmagic] DEBUG: totalhours disabled or
>> hidden
>> 2014-07-29 14:00:13,660 Trac[blackmagic] DEBUG: OT: 0
>> 2014-07-29 14:00:13,660 Trac[blackmagic] DEBUG: NEW: 0
>> 2014-07-29 14:00:13,660 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TRAC_ADMIN', 'tip': None, 'label': None, 'ondenial':
>> u'hide', 'disable': False}
>> 2014-07-29 14:00:13,661 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TICKET_ADMIN', 'tip': None, 'label': None,
>> 'ondenial': u'hide', 'disable': False}
>> 2014-07-29 14:00:13,661 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:13,665 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_ADMIN on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:13,666 Trac[blackmagic] DEBUG: component disabled or
>> hidden
>> 2014-07-29 14:00:13,670 Trac[blackmagic] DEBUG: OT: General Requests
>> 2014-07-29 14:00:13,670 Trac[blackmagic] DEBUG: NEW: General Requests
>> 2014-07-29 14:00:13,671 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TICKET_ADMIN', 'tip': None, 'label': None,
>> 'ondenial': u'hide', 'disable': False}
>> 2014-07-29 14:00:13,671 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:13,671 Trac[blackmagic] DEBUG: priority disabled or
>> hidden
>> 2014-07-29 14:00:13,676 Trac[blackmagic] DEBUG: OT: High
>> 2014-07-29 14:00:13,676 Trac[blackmagic] DEBUG: NEW: High
>> 2014-07-29 14:00:13,676 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TICKET_ADMIN', 'tip': None, 'label': None,
>> 'ondenial': u'hide', 'disable': False}
>> 2014-07-29 14:00:13,676 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:13,677 Trac[blackmagic] DEBUG: parents disabled or hidden
>> 2014-07-29 14:00:13,681 Trac[blackmagic] DEBUG: OT:
>> 2014-07-29 14:00:13,682 Trac[blackmagic] DEBUG: NEW:
>> 2014-07-29 14:00:13,682 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': '', 'tip': u'Unless you know who should own this
>> ticket, please leave this field default.', 'label': None, 'ondenial':
>> 'disable', 'disable': False}
>> 2014-07-29 14:00:13,682 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TICKET_ADD_HOURS', 'tip': None, 'label': None,
>> 'ondenial': u'hide', 'disable': False}
>> 2014-07-29 14:00:13,682 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADD_HOURS
>> 2014-07-29 14:00:13,683 Trac[blackmagic] DEBUG: estimatedhours disabled
>> or hidden
>> 2014-07-29 14:00:13,687 Trac[blackmagic] DEBUG: OT: 0
>> 2014-07-29 14:00:13,687 Trac[blackmagic] DEBUG: NEW: 0
>> 2014-07-29 14:00:13,688 Trac[blackmagic] DEBUG: {'notice': None, 'hide':
>> False, 'permission': u'TICKET_ADMIN', 'tip': None, 'label': None,
>> 'ondenial': u'hide', 'disable': False}
>> 2014-07-29 14:00:13,688 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:13,688 Trac[blackmagic] DEBUG: type disabled or hidden
>> 2014-07-29 14:00:13,693 Trac[blackmagic] DEBUG: OT: Task
>> 2014-07-29 14:00:13,693 Trac[blackmagic] DEBUG: NEW: Task
>> 2014-07-29 14:00:13,725 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_ADD_HOURS on None
>> 2014-07-29 14:00:14,082 Trac[notification] INFO: Sending notification
>> through SMTP at exsmtp.na.bayer.cnb:25 to [u'[email protected]',
>> u'[email protected]']
>> 2014-07-29 14:00:15,057 Trac[web_ui] DEBUG: Side effect for
>> ConfigurableTicketWorkflow
>> 2014-07-29 14:00:15,141 Trac[main] DEBUG: Dispatching <RequestWithSession
>> "GET '/ticket/1969'">
>> 2014-07-29 14:00:15,144 Trac[session] DEBUG: Retrieving session for ID
>> u'temp1'
>> 2014-07-29 14:00:15,151 Trac[main] DEBUG: Negotiated locale: None -> en_US
>> 2014-07-29 14:00:15,167 Trac[perm] DEBUG: No policy allowed temp1
>> performing TRAC_ADMIN on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:15,181 Trac[default_workflow] DEBUG:
>> render_ticket_action_control: action "leave"
>> 2014-07-29 14:00:15,182 Trac[default_workflow] DEBUG:
>> render_ticket_action_control: action "reopen"
>> 2014-07-29 14:00:15,194 Trac[chrome] DEBUG: Prepare chrome data for
>> request
>> 2014-07-29 14:00:15,197 Trac[perm] DEBUG: No policy allowed temp1
>> performing ACCTMGR_CONFIG_ADMIN on None
>> 2014-07-29 14:00:15,197 Trac[perm] DEBUG: No policy allowed temp1
>> performing ACCTMGR_USER_ADMIN on None
>> 2014-07-29 14:00:15,197 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_ADMIN on None
>> 2014-07-29 14:00:15,198 Trac[perm] DEBUG: No policy allowed temp1
>> performing REPORT_ADMIN on None
>> 2014-07-29 14:00:15,198 Trac[perm] DEBUG: No policy allowed temp1
>> performing TRAC_ADMIN on None
>> 2014-07-29 14:00:15,199 Trac[perm] DEBUG: No policy allowed temp1
>> performing PERMISSION_GRANT on None
>> 2014-07-29 14:00:15,199 Trac[perm] DEBUG: No policy allowed temp1
>> performing PERMISSION_REVOKE on None
>> 2014-07-29 14:00:15,200 Trac[perm] DEBUG: No policy allowed temp1
>> performing MILESTONE_VIEW on None
>> 2014-07-29 14:00:15,200 Trac[perm] DEBUG: No policy allowed temp1
>> performing VERSIONCONTROL_ADMIN on None
>> 2014-07-29 14:00:15,201 Trac[perm] DEBUG: No policy allowed temp1
>> performing ROADMAP_VIEW on None
>> 2014-07-29 14:00:15,202 Trac[perm] DEBUG: No policy allowed temp1
>> performing TIMELINE_VIEW on None
>> 2014-07-29 14:00:15,203 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_VIEW_HOURS on None
>> 2014-07-29 14:00:15,208 Trac[blackmagic] DEBUG: Checking ticket
>> permissions  for type Enhancement
>> 2014-07-29 14:00:15,208 Trac[blackmagic] DEBUG: User temp1 has permission
>> 2014-07-29 14:00:15,209 Trac[blackmagic] DEBUG: Checking ticket
>> permissions  for type Defect
>> 2014-07-29 14:00:15,209 Trac[blackmagic] DEBUG: User temp1 has permission
>> 2014-07-29 14:00:15,209 Trac[blackmagic] DEBUG: Checking ticket
>> permissions  for type Task
>> 2014-07-29 14:00:15,209 Trac[blackmagic] DEBUG: User temp1 has permission
>> 2014-07-29 14:00:15,211 Trac[blackmagic] DEBUG: Permissions
>> TICKET_ADD_HOURS
>> 2014-07-29 14:00:15,211 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADD_HOURS
>> 2014-07-29 14:00:15,216 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_ADD_HOURS on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:15,218 Trac[blackmagic] DEBUG: Permissions TRAC_ADMIN
>> 2014-07-29 14:00:15,218 Trac[blackmagic] DEBUG: Checking permission
>> TRAC_ADMIN
>> 2014-07-29 14:00:15,220 Trac[blackmagic] DEBUG: Permissions TICKET_ADMIN
>> 2014-07-29 14:00:15,220 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:15,225 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_ADMIN on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:15,226 Trac[blackmagic] DEBUG: Permissions TICKET_ADMIN
>> 2014-07-29 14:00:15,226 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:15,228 Trac[blackmagic] DEBUG: Permissions TICKET_ADMIN
>> 2014-07-29 14:00:15,228 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:15,230 Trac[blackmagic] DEBUG: Permissions
>> TICKET_ADD_HOURS
>> 2014-07-29 14:00:15,230 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADD_HOURS
>> 2014-07-29 14:00:15,232 Trac[blackmagic] DEBUG: Permissions TICKET_ADMIN
>> 2014-07-29 14:00:15,232 Trac[blackmagic] DEBUG: Checking permission
>> TICKET_ADMIN
>> 2014-07-29 14:00:15,427 Trac[perm] DEBUG: No policy allowed temp1
>> performing TICKET_EDIT_COMMENT on <Resource u'ticket:1969'>
>>
>>
>
> If the policy is working correctly you will see messages like the
> following when navigating to a "signed" ticket:
>
> 02:49:07 PM Trac[perm] DEBUG: ReadonlySignedTickets denies user1
> performing TICKET_MODIFY on <Resource u'ticket:5'>
>
> So most likely either the policy isn't enabled or is failing to load.
>
> (side note: we made Trac more robust for 1.0.2 so that a TracError will be
> raised if one of the PermissionPolicies can't be loaded:
> http://trac.edgewall.org/ticket/10285)
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Trac Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/trac-users/1GNDHTObQKg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/trac-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Jared Bownds

c. 916-224-2324
e. Jared.Bownds@g <[email protected]>mail.com
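
Added example, not part of the original messages or of Trac: a small log check for the test Ryan describes, separating explicit "<Policy> denies" records from "No policy allowed" fall-throughs in a Trac debug log pasted from mail. The function names are hypothetical, the sample lines are constructed in the thread's format, and it assumes the two message shapes exactly as quoted above.

```python
import re
from collections import Counter

# The two Trac[perm] DEBUG shapes quoted in the thread:
#   "<Policy> denies <user> performing <ACTION> on <resource>"
#   "No policy allowed <user> performing <ACTION> on <resource>"
PERM_RE = re.compile(
    r"Trac\[perm\] DEBUG: (?:(?P<policy>\w+) denies|No policy allowed) "
    r"(?P<user>\S+) performing (?P<action>\w+) on (?P<resource>.+)$")
# Start of a log record in either timestamp style seen in the thread.
RECORD_START = re.compile(r"^(\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2}")

def unwrap(text):
    """Strip mail quote markers and rejoin records the mailer wrapped."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", line).strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def policy_decisions(text, policy_name):
    """Count explicit denials by policy_name and fall-through denials."""
    denied, fell_through = Counter(), Counter()
    for record in unwrap(text):
        m = PERM_RE.search(record)
        if not m:
            continue
        key = (m.group("user"), m.group("action"), m.group("resource"))
        if m.group("policy") == policy_name:
            denied[key] += 1
        elif m.group("policy") is None:
            fell_through[key] += 1
    return denied, fell_through

# Constructed sample, wrapped and quoted the way the mail above is.
SAMPLE = """\
>> 2014-07-29 14:00:13,640 Trac[perm] DEBUG: No policy allowed temp1
>> performing TRAC_ADMIN on <Resource u'ticket:1969'>
>> 2014-07-29 14:00:13,650 Trac[blackmagic] DEBUG: Validating ticket: 1969
> 02:49:07 PM Trac[perm] DEBUG: ReadonlySignedTickets denies user1
> performing TICKET_MODIFY on <Resource u'ticket:5'>
"""

if __name__ == "__main__":
    denied, fell_through = policy_decisions(SAMPLE, "ReadonlySignedTickets")
    print("explicit denials:", dict(denied))
    print("no policy allowed:", dict(fell_through))
```

An empty first result for a log captured while a non-admin user opens a "signed" ticket means the policy never issued a denial during that request.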
