While this now fixes the Timeline function, modifying tickets now fails with the same recursion error. I have not yet checked the logs.
For a better understanding let me ask the following question: >From my research I was not expecting the policies to "interact" with each other recursively at all. I was thinking that all configured policies are asked in sequence until some policy returns True or False, with returning None just meaning "ask the next policy". Where is the recursion? Is it a bug in TracPrivateTickets? (I checked the TracPrivateTickets defects, newer revisions do not fix anything wrt to permissions.) Am Montag, 29. August 2016 20:15:26 UTC+2 schrieb Peter Suter: > > On 29.08.2016 11:26, Florian Schricker wrote: > > File > "/usr/lib/python2.6/site-packages/TracPrivateTickets-2.0.2dev_r11777-py2.6.egg/privatetickets/policy.py", > > line 34, in check_permission > 'TRAC_ADMIN' in perm: > > ... > > File "/var/trac/imstec/plugins/XxxxxReadonlyTicketsPlugin.py", line 14, > in check_permission > action == 'TICKET_ADMIN' or 'TICKET_ADMIN' in perm: > > These two policies go back and forth, one asking "is TICKET_ADMIN > allowed?" and the other replying "is TRAC_ADMIN" allowed?" and so on. > > As can be seen "TracPrivateTickets" might be the culprit? > Any idea? Or a workaround in my XxxxxReadonlyTicketsPlugin? > > I think you need to break the cycle and when asked "is TRAC_ADMIN > allowed?" drop out before asking back about TICKET_ADMIN. Try adding `action > == 'TRAC_ADMIN'` to the check as follows: > > def check_permission(self, action, username, resource, perm): >> if resource is None or resource.realm != 'ticket' or \ >> resource.id is None or \ >> action in ['TICKET_VIEW', 'TICKET_APPEND'] or \ >> action == 'TRAC_ADMIN' or \ >> action == 'TICKET_ADMIN' or 'TICKET_ADMIN' in perm: >> return None >> > > Hope this helps. > > Peter > -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
