Hi,
With the above plugin, I can restrict the users to view tickets only they
report or been assigned. But I would like to have a set of users to view
all the tickets, for that I tried giving the permission TICKET_VIEW, but I
still see that the users can see only see tickets reported or assigned and
not all the tickets? Any help is appreciated.
Regards,
SF
On Tuesday, May 9, 2017 at 7:24:12 PM UTC+2, RjOllos wrote:
>
> In another thread (1) we've been discussing various iterations of
> SupportDeskPolicy (2).
>
> I consider the following to be the most intuitive behavior:
> * Users having TICKET_VIEW can see all tickets
> * Users having TICKET_VIEW_REPORTED (and not having TICKET_VIEW) can only
> see tickets they report
>
> Previous iterations of the plugin were non-intuitive in having the
> following behavior:
> * Users with TICKET_VIEW can see all tickets
> * Users with TICKET_VIEW and TICKET_VIEW_REPORTED can only see tickets
> they report
>
> We also need things like search filters to be present for users with
> TICKET_VIEW_REPORTED. For that to happen, these "coarse-grained" checks
> must return true for a user that has TICKET_VIEW_REPORTED and doesn't have
> TICKET_VIEW:
> 'TICKET_VIEW' in req.perm
> 'TICKET_VIEW' in req.perm('ticket')
>
> Therefore, I propose the following, which seems to work in the limited
> testing I've done. An unintended, but likely desirable effect of the
> implementation, a user with TICKET_VIEW and TICKET_VIEW_REPORTED can only
> see tickets they reported. Effectively, having TICKET_VIEW_REPORTED causes
> the check for TICKET_VIEW in DefaultPermissionPolicy to be skipped entirely.
>
> # -*- coding: utf-8 -*-
> #
> # Copyright (C) 2017 Edgewall Software
> # All rights reserved.
> #
> # This software is licensed as described in the file COPYING, which
> # you should have received as part of this distribution. The terms
> # are also available at http://trac.edgewall.org/wiki/TracLicense.
> #
> # This software consists of voluntary contributions made by many
> # individuals. For the exact contribution history, see the revision
> # history and logs, available at http://trac.edgewall.org/log/.
>
> from trac.core import *
> from trac.perm import IPermissionPolicy, IPermissionRequestor
> from trac.resource import ResourceNotFound
> from trac.ticket.model import Ticket
>
>
> class SupportDeskPolicy(Component):
> """Provides a permission for restricting ticket actions to the
> ticket owner.
> """
>
> implements(IPermissionPolicy, IPermissionRequestor)
>
> # IPermissionRequestor methods
>
> def get_permission_actions(self):
> return ['TICKET_VIEW_REPORTED']
>
> # IPermissionPolicy methods
>
> def check_permission(self, action, username, resource, perm):
> if action == 'TICKET_VIEW' and \
> 'TICKET_ADMIN' not in perm:
> if 'TICKET_VIEW_REPORTED' in perm:
> if resource is None or \
> resource.realm == 'ticket' and \
> resource.id is None:
> return True
> elif resource.realm == 'ticket' and \
> resource.id is not None:
> try:
> ticket = Ticket(self.env, resource.id)
> except ResourceNotFound:
> pass
> else:
> return ticket['reporter'] == username
>
>
> [End of Code]
>
> - Ryan
>
> (1) https://groups.google.com/forum/#!topic/trac-users/sneow4NJ7lM
> (2)
> https://trac.edgewall.org/wiki/CookBook/PermissionPolicies#SupportDeskPolicy
>
>
>
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
