[Trac] Re: Workflow: Disable modifying ticket description only

[Florian Schricker]

Update: I check the log and found the following "checking permission to 
death" most probably causing the issue.
2016-08-29 09:40:26,888 Trac[web_ui] ERROR: Timeline event provider failed:
Traceback (most recent call last):
  File 
"/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/timeline/web_ui.py", 
line 190, in process_request
    filters) or []:
  File 
"/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/ticket/web_ui.py", 
line 335, in get_timeline_events
    for (ev, t) in produce_ticket_change_events(db):
  File 
"/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/ticket/web_ui.py", 
line 308, in produce_ticket_change_events
    cid)
  File 
"/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/ticket/web_ui.py", 
line 262, in produce_event
    if 'TICKET_VIEW' not in req.perm(ticket):
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 556, in has_permission
    return self._has_permission(action, resource)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 570, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 462, in check_permission
    perm)
  File 
"/usr/lib/python2.6/site-packages/TracPrivateTickets-2.0.2dev_r11777-py2.6.egg/privatetickets/policy.py",
 
line 34, in check_permission
    'TRAC_ADMIN' in perm:
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 556, in has_permission
    return self._has_permission(action, resource)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 570, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 462, in check_permission
    perm)
  File "/var/trac/imstec/plugins/XxxxxReadonlyTicketsPlugin.py", line 14, 
in check_permission
    action == 'TICKET_ADMIN' or 'TICKET_ADMIN' in perm:
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 556, in has_permission
    return self._has_permission(action, resource)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 570, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 462, in check_permission
    perm)
  File 
"/usr/lib/python2.6/site-packages/TracPrivateTickets-2.0.2dev_r11777-py2.6.egg/privatetickets/policy.py",
 
line 34, in check_permission
    'TRAC_ADMIN' in perm:
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 556, in has_permission
    return self._has_permission(action, resource)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 570, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 462, in check_permission
    perm)
  File "/var/trac/imstec/plugins/XxxxxReadonlyTicketsPlugin.py", line 14, 
in check_permission
    action == 'TICKET_ADMIN' or 'TICKET_ADMIN' in perm:
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 556, in has_permission
    return self._has_permission(action, resource)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 570, in _has_permission
    check_permission(action, perm.username, resource, perm)
  File "/usr/lib/python2.6/site-packages/Trac-1.0-py2.6.egg/trac/perm.py", 
line 462, in check_permission
    perm)
[... and so on ...]

As can be seen "TracPrivateTickets" might be the culprit?
Any idea? Or a workaround in my XxxxxReadonlyTicketsPlugin?

regards

Am Montag, 29. August 2016 09:51:32 UTC+2 schrieb Florian Schricker:
>
> Hi,
>
> I setup a variant of ReadonlySignedTickets on our test system and worked.
> On our production system as soon as I add the plugin as permission policy 
> I receive a runtime error when using the timeline function: RuntimeError: 
> maximum recursion depth exceeded while calling a Python object
>
> Single-file plugin code:
>
> author = "xxxx"
>
> from trac.core import *
> from trac.perm import IPermissionPolicy
> from trac.ticket.model import Ticket
>
> class XxxxxxReadonlyTicketsPlugin(Component):
>         implements(IPermissionPolicy)
>
>         def check_permission(self, action, username, resource, perm):
>                 if resource is None or resource.realm != 'ticket' or \
>                    resource.id is None or \
>                    action in ['TICKET_VIEW', 'TICKET_APPEND'] or \
>                    action == 'TICKET_ADMIN' or 'TICKET_ADMIN' in perm:
>                         return None
>
>                 t = Ticket(self.env, resource.id)
>                 if t['status'] == 'closed' and t['type'] == 'review':
>                         return False
>
> Current permession policy setup:
> permission_policies = PrivateWikiSystem, PrivateTicketsPolicy, 
> AttachmentDeletePolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
>
> I tested adding the plugin as first policy entry and right before 
> "DefaultPermissionPolicy" with the same runtime error.
>
>
> Does anybody have an idea?
>
>
> Am Mittwoch, 20. Juli 2016 09:49:02 UTC+2 schrieb Florian Schricker:
>>
>>
>> Hi Ryan,
>>
>>
>> thanks for picking up the question!
>>
>>
>> Am Dienstag, 19. Juli 2016 16:53:43 UTC+2 schrieb RjOllos:
>>>
>>>
>>> On Tuesday, July 19, 2016 at 6:43:54 AM UTC-7, Florian Schricker wrote:
>>>>
>>>> I am uncertain whether this is possible at all so I am asking here: I 
>>>> would like to disable modifying the ticket description when the ticket is 
>>>> in a given state while still allowing commenting. Can anything like this 
>>>> be 
>>>> configured in a workflow?
>>>>
>>>
>>> 1. BlackMagicTicketsPlugin (1) allows a permission to be specified to 
>>> edit a ticket field. 
>>>
>> 2. ExtraPermissionsProvider (2) allow you to define new permissions.
>>>
>> 3. A permissions policy could be implemented, similar to 
>>> ReadonlySignedTickets (3), to deny a permission when the ticket is in a 
>>> particular state.
>>>
>>> Putting those three things together, I think it might work to define a 
>>> new permission for editing the ticket description, and deny the permission 
>>> when the ticket is in a particular state.
>>>
>>> (1) https://trac-hacks.org/wiki/BlackMagicTicketTweaksPlugin 
>>> (2) https://trac.edgewall.org/wiki/TracPermissions#CreatingNewPrivileges
>>> (3) 
>>> https://trac.edgewall.org/wiki/CookBook/Configuration/SignedTickets#Readonlylogic
>>>
>>  
>> From looking at ReadonlySignedTickets I am wondering if this plugin would 
>> not suffice already:
>>
>>    - Using the "Allow ticket comments" variation (basically enabling 
>>    permission TICKET_APPEND again commenting would be enabled, but not 
>>    modifying the description (TICKET_MODIFY required, no?).
>>    - Enhancing the lines "if t['status'] == 'closed' and t['resolution'] 
>>    == 'signed': return False" with the actual ticket states I am having 
>>    here in my setup would do the rest. There would be no configuration via 
>>    trac.ini but I can do without.
>>
>> I think I'll give it a go, thanks again for these good pointers to actual 
>> solutions!!
>> Florian
>>
>

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to trac-users+unsubscr...@googlegroups.com.
To post to this group, send email to trac-users@googlegroups.com.
Visit this group at https://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.