On Tuesday, August 30, 2016 at 12:25:26 AM UTC-7, Florian Schricker wrote: > > While this now fixes the Timeline function, modifying tickets now fails > with the same recursion error. I have not yet checked the logs. > > For a better understanding let me ask the following question: > > From my research I was not expecting the policies to "interact" with each > other recursively at all. I was thinking that all configured policies are > asked in sequence until some policy returns True or False, with returning > None just meaning "ask the next policy". Where is the recursion? Is it a > bug in TracPrivateTickets? >
There shouldn't be recursion in ReadonlySignedTickets because of the check "action == 'TICKET_ADMIN' or 'TICKET_ADMIN' in perm". "'TICKET_ADMIN' in perm" will cause a recursive permission check for the action TICKET_ADMIN, but when ReadonlySignedTickets is called again it will return None due to the "action == 'TICKET_ADMIN'" conditional. There were some indentation problems in the example on the Cookbook page, as well as some omissions, which I hope are fixed now: https://trac.edgewall.org/wiki/CookBook/Configuration/SignedTickets?action=diff&version=6&old_version=4 Could you please try again with the example on that page? The recipe describes how to include 'TICKET_APPEND' as an allowed action. If it still does not work for you, please try with just ReadonlySignedTickets and the default permission policies, and work backward by adding your additional policies until you reproduce the issue. Please include the logs in your follow-up. Finally, an idea on how to fix the recursion with PrivateTicketsPlugin, based on your traceback is: # -*- coding: utf-8 -*- from trac.core import * from trac.perm import IPermissionPolicy from trac.ticket.model import Ticket class ReadonlySignedTickets(Component): implements(IPermissionPolicy) allowed_actions = ('TICKET_VIEW', 'TICKET_APPEND') admin_actions = ('TICKET_ADMIN', 'TRAC_ADMIN') def check_permission(self, action, username, resource, perm): if resource is None or resource.realm != 'ticket' or \ resource.id is None or \ action in self.allowed_actions or \ action in self.admin_actions or \ any(a in perm for a in self.admin_actions): return None t = Ticket(self.env, resource.id) if t['status'] == 'closed' and t['resolution'] == 'signed': return False If that change works for you, I'll update the cookbook page. (I checked the TracPrivateTickets defects, newer revisions do not fix > anything wrt to permissions.) > - Ryan -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
