On Wednesday, September 21, 2016 at 11:27:34 PM UTC-7, Peter Suter wrote:
> > I also posted modifications to SignedTickets, but I don't expect they 
> > will fix this "interaction" issue: 
> > 
> https://trac.edgewall.org/wiki/CookBook/Configuration/SignedTickets?version=9 
>  >>> -         'TICKET_ADMIN' in perm: 
>  >>> +         any(a in perm for a in self.admin_actions): 
> This change seems unnecessary and maybe even more problematic than before. 
> Unnecessary because TRAC_ADMIN implies TICKET_ADMIN anyway, so there's 
> no need to check for TRAC_ADMIN explicitly. (But there may be more 
> subtle details I'm missing.) 
> Problematic because checking more permissions leads to more potentially 
> problematic interactions (and possible mutual recursion) with other 
> policies. 

That sounds right, I reverted the change.

- Ryan 

You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to trac-users+unsubscr...@googlegroups.com.
To post to this group, send email to trac-users@googlegroups.com.
Visit this group at https://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to