Okay, hopefully this is the last iteration!
Using the code below as our example, for some reason users who are not
TRAC_ADMIN are unable to comment or modify tickets, irrespective of
resolution status.
Also, I've included my permission policy configuration below.
*ReadonlySignedTickets.py*
{{{
from trac.core import *
from trac.perm import IPermissionPolicy
from trac.ticket.model import Ticket
class ReadonlySignedTickets(Component):
implements(IPermissionPolicy)
def check_permission(self, action, username, resource, perm):
if resource is None or resource.realm != 'ticket' or \
resource.id is None or action == 'TICKET_VIEW' or \
action == 'TRAC_ADMIN' or 'TRAC_ADMIN' in perm:
return None
t = Ticket(self.env, resource.id)
if t['resolution'] == 'Signed':
return False
}}}
*[trac]*
permission_policies = DefaultPermissionPolicy, ReadonlySignedTickets,
LegacyAttachmentPolicy (this configuration locks any user but TRAC_ADMIN
irrespective of resolution type)
OR
permission_policies = ReadonlySignedTickets, DefaultPermissionPolicy,
LegacyAttachmentPolicy (This configuration doesn't work according to the
desired behavior, since I believe permissions are processed in order, one
superseding another)
On Mon, Jul 28, 2014 at 11:31 AM, Ryan Ollos <[email protected]> wrote:
> On Mon, Jul 28, 2014 at 10:55 AM, Jared Bownds <[email protected]>
> wrote:
>
>> You nailed it! The code below works. However, users are still able to
>> 'edit' their own comments once a ticket is resolved as signed.
>>
>> {{{
>> from trac.core import *
>> from trac.perm import IPermissionPolicy
>> from trac.ticket.model import Ticket
>>
>> class ReadonlySignedTickets(Component):
>> implements(IPermissionPolicy)
>>
>> def check_permission(self, action, username, resource, perm):
>> if resource is None or resource.realm != 'ticket' or \
>> resource.id is None or action == 'TICKET_VIEW' or \
>> action == 'TRAC_ADMIN' or 'TRAC_ADMIN' in perm:
>>
>> return None
>>
>> t = Ticket(self.env, resource.id)
>> if t['resolution'] == 'signed':
>> return False
>> }}}
>>
>
> Peter's plugin shown above work for me on 1.0-stable, and users aren't
> able to edit comments even if they have been granted TICKET_ADMIN. I used
> resolution //signed// rather than //Signed// since all of Trac's predefined
> resolutions are in lowercase.
>
> Which Trac version are you running?
>
> In order to implement your other requirements, it sounds like you'll want
> to:
> * Enable ExtraPermissionsProvider
> [components]
> tracopt.perm.config_perm_provider.extrapermissionsprovider = enabled
>
> * Add the signed permission:
> [extra-permissions]
> _perms = TICKET_SIGNED
>
> * Grant TICKET_SIGNED to the appropriate user.
>
> * Modify your workflow to only allow users with TICKET_SIGNED to resolve
> a ticket as signed. This is where things seem to get a bit tricky. You may
> need to have a workflow state signed rather than using a resolution, but
> that might not work since you probably want tickets to end in the closed
> state. You might need to implement a workflow action to replace
> set_resolution, which does permission checking to decide who can resolve a
> ticket as signed ... or perhaps the permission checking can be done in the
> ReadonlySignedTickets policy as well. I'll have to give that more thought.
>
>
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Trac Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/trac-users/1GNDHTObQKg/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/trac-users.
> For more options, visit https://groups.google.com/d/optout.
>
--
Jared Bownds
c. 916-224-2324
e. Jared.Bownds@g <[email protected]>mail.com
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
