On Tuesday, November 18, 2014 6:33:19 AM UTC-8, RjOllos wrote:
>
> On Monday, November 17, 2014 10:42:56 PM UTC-8, NS wrote:
>>
>> Guys, I want to know how can I limit few of my trac users, so that they 
>> will have limited permissions on ticket assigning? 
>>
>> Basically, It's like this....We have 4 user groups as;
>>
>>
>> Super Admin - John
>> Engineer Admin - Jane, Jack, 
>> Engineer - Peter, Sam, 
>> Quality Assurance - Bill, Steve, Rose
>> This is how our main daily routine goes, 
>>
>> * Enginner Admins can create tickets and assign it to any of the other 
>> member so they will work on it.
>> * Engineers don't actually create anything, but in some cases they will 
>> create.
>> * QA team tests the product and create new tickets for bugs...and they 
>> assign it to anyone they want.
>>
>> So with basic features we have in Trac, this is all fine..But now, the time 
>> has come to limit these QA guys because it's not going easy anymore when 
>> they assign any one they want.
>>
>> Instead, I want them to be able to assign only to Jane or Jack, who is in 
>> the Engineer Admin group. (If I add anyone to Eng. admin group in future, 
>> they should be able to assign him/her to too)
>>
>> Then Jane or Jack will assign the ticket to the relevant Enginner who is in 
>> the Engineer Group.
>>
>> How can I get this done?
>>
>> I tried many ways like custom permission, workflows and so on..But had no 
>> luck so far. I hope somebody can help me soon.
>>
>> Thanks in advance!!!!!!!
>>
>>
>
> I'll attempt to clarify the previously described recipe. I ran through 
> these steps on a clean Trac instance with Trac 1.0.1.
>
> Here is what I understand your requirements to be:
>  - Users in all 4 groups can create tickets.
>  - Users in the Super Admin, Engineer Admin and Engineer groups can assign 
> a ticket to anyone.
>  - Users in the Quality Assurance group can only assign to users in the 
> Engineer Admin group.
>
> 1. Enable ExtraPermissionsProvider
>
> Navigate to Admin tab, then General > Plugins (url 
> is /admin/general/plugin)
>
>
>
> <https://lh3.googleusercontent.com/-YMuy8HJ2JZ4/VGtNA9h4CEI/AAAAAAAAB5Y/OlOXa9JT3l8/s1600/ExtraPermissionsProvider.png>
>
>
> Or you can enable by directly editing trac.ini:
>
> [components]
> tracopt.perm.config_perm_provider.extrapermissionsprovider = enabled
>
>
> 2. Define permission by directly editing trac.ini:
>
> [extra-permissions]
> _perms = TICKET_ASSIGN_QA, TICKET_ASSIGN
>
>
> 3. Edit [ticket-workflow] in trac.ini
>
> Started with the basic default workflow,
>
> [ticket-workflow]
> accept = new,assigned,accepted,reopened -> accepted
> accept.operations = set_owner_to_self
> accept.permissions = TICKET_MODIFY
> leave = * -> *
> leave.default = 1
> leave.operations = leave_status
> reassign = new,assigned,accepted,reopened -> assigned
> reassign.operations = set_owner
> reassign.permissions = TICKET_MODIFY
> reopen = closed -> reopened
> reopen.operations = del_resolution
> reopen.permissions = TICKET_CREATE
> resolve = new,assigned,accepted,reopened -> closed
> resolve.operations = set_resolution
> resolve.permissions = TICKET_MODIFY
>
>
> Added special actions for the QA group and modified the permissions for 
> the existing actions:
>
> [ticket-workflow]
> accept = new,assigned,accepted,reopened -> accepted
> accept.operations = set_owner_to_self
> accept.permissions = TICKET_ASSIGN
> leave = * -> *
> leave.default = 1
> leave.operations = leave_status
> reassign = new,assigned,accepted,reopened -> assigned
> reassign.operations = set_owner
> reassign.permissions = TICKET_ASSIGN
> reopen = closed -> reopened
> reopen.operations = del_resolution
> reopen.permissions = TICKET_CREATE
> resolve = new,assigned,accepted,reopened -> closed
> resolve.operations = set_resolution
> resolve.permissions = TICKET_MODIFY
> qa_reassign = new,assigned,accepted,reopened -> assigned
> qa_reassign.name = reassign
> qa_reassign.operations = set_owner
> qa_reassign.permissions = TICKET_ASSIGN_QA
> qa_reassign.set_owner = Jane, Jack
>
>
> 4. Groups - it sounds like you've already defined these and I tried to 
> copy what you have. Here it is for reference:
>
>
> <https://lh6.googleusercontent.com/-Gtz-FAf1w6A/VGtQSbp1uzI/AAAAAAAAB5k/QyjbkOuVv5M/s1600/GroupMembership.png>
>
>
> 5. Permissions
>
> I started with the default permission scheme.
>
> a. Give the Super Admin, Engineer Admin and Engineer groups the 
> TICKET_ASSIGN permission. I took for your description that those groups 
> should be able to create tickets and assign to anyone.
>
> b. Give the Quality Assurance group the TICKET_ASSIGN_QA permission. This 
> will give them limited assign-to ability, but they will be able to create 
> any tickets.
>
>
> <https://lh3.googleusercontent.com/-wY8seeKtO-E/VGtYahLpt3I/AAAAAAAAB6E/NkVX4ng3kos/s1600/Permissions.png>
>
>
>
>
> Here is a demonstration. I'm logged in as Steve and created a new ticket. 
> The workflow dialog shows:
>
>
> <https://lh3.googleusercontent.com/-1qkDHcZA_ac/VGtS0POHe7I/AAAAAAAAB5w/jVqbcVY3P4Q/s1600/QaActions.png>
> The assign-to select element contains just two users: Jack and Jane. When 
> additional users are added to the Engineer Admin group in the future the 
> qa_reassign.set_owner list in the [ticket-workflow] section will need to be 
> edited to add those users. This would all be a bit nicer if a group could 
> be specified for qa_reassign.set_owner, but Trac doesn't allow that yet. 
> Maybe the aforementioned GroupingAssignToPlugin can help with that, I'm not 
> sure. For a small scale operation in which you aren't adding new users too 
> often I wouldn't expect this to be much of an issue, just document the 
> steps to be done when adding users to groups.
>
> You also said "Then Jane or Jack will assign the ticket to the relevant 
> Enginner who is in the Engineer Group.". If you want to restrict the list 
> of users that Jane and Jack see in the assign-to list, you would follow the 
> same steps as above to create a new assign-to permission, and a new 
> workflow action that applies only to users with that permission.
>
> When logged in as Jane I can assign to anyone. If you have [ticket] 
> restrict_owner = True you'll see a list of all users rather than a simple 
> input box.
>
>
> <https://lh5.googleusercontent.com/-Rj9MAbelkq4/VGtT0FnZRTI/AAAAAAAAB54/NU0GBCS0vJI/s1600/ActionsJane.png>
>
>
> References:
>  * http://trac.edgewall.org/wiki/ExtraPermissionsProvider
>  * http://trac.edgewall.org/wiki/TracWorkflow
>  * 
> http://stackoverflow.com/questions/26965933/trac-limited-assign-permissions/26970812#26970812
>
>

One more thing. The [[Workflow]] macro inserted anywhere that wiki markup 
is allowed will display the configured workflow. This can be a useful tool 
to get the desired workflow.





-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to