If TICKET_ADMIN permission is given, only then he can see all the tickets,
Is there any other way to do it?
Regards,
SF
On Monday, May 15, 2017 at 4:42:48 PM UTC+2, toto200891 wrote:
>
> Hi,
>
> With the above plugin, I can restrict the users to view tickets only they
> report or been assigned. But I would like to have a set of users to view
> all the tickets, for that I tried giving the permission TICKET_VIEW, but I
> still see that the users can see only see tickets reported or assigned and
> not all the tickets? Any help is appreciated.
>
> Regards,
>
> SF
>
> On Tuesday, May 9, 2017 at 7:24:12 PM UTC+2, RjOllos wrote:
>>
>> In another thread (1) we've been discussing various iterations of
>> SupportDeskPolicy (2).
>>
>> I consider the following to be the most intuitive behavior:
>> * Users having TICKET_VIEW can see all tickets
>> * Users having TICKET_VIEW_REPORTED (and not having TICKET_VIEW) can only
>> see tickets they report
>>
>> Previous iterations of the plugin were non-intuitive in having the
>> following behavior:
>> * Users with TICKET_VIEW can see all tickets
>> * Users with TICKET_VIEW and TICKET_VIEW_REPORTED can only see tickets
>> they report
>>
>> We also need things like search filters to be present for users with
>> TICKET_VIEW_REPORTED. For that to happen, these "coarse-grained" checks
>> must return true for a user that has TICKET_VIEW_REPORTED and doesn't have
>> TICKET_VIEW:
>> 'TICKET_VIEW' in req.perm
>> 'TICKET_VIEW' in req.perm('ticket')
>>
>> Therefore, I propose the following, which seems to work in the limited
>> testing I've done. An unintended, but likely desirable effect of the
>> implementation, a user with TICKET_VIEW and TICKET_VIEW_REPORTED can only
>> see tickets they reported. Effectively, having TICKET_VIEW_REPORTED causes
>> the check for TICKET_VIEW in DefaultPermissionPolicy to be skipped entirely.
>>
>> # -*- coding: utf-8 -*-
>> #
>> # Copyright (C) 2017 Edgewall Software
>> # All rights reserved.
>> #
>> # This software is licensed as described in the file COPYING, which
>> # you should have received as part of this distribution. The terms
>> # are also available at http://trac.edgewall.org/wiki/TracLicense.
>> #
>> # This software consists of voluntary contributions made by many
>> # individuals. For the exact contribution history, see the revision
>> # history and logs, available at http://trac.edgewall.org/log/.
>>
>> from trac.core import *
>> from trac.perm import IPermissionPolicy, IPermissionRequestor
>> from trac.resource import ResourceNotFound
>> from trac.ticket.model import Ticket
>>
>>
>> class SupportDeskPolicy(Component):
>> """Provides a permission for restricting ticket actions to the
>> ticket owner.
>> """
>>
>> implements(IPermissionPolicy, IPermissionRequestor)
>>
>> # IPermissionRequestor methods
>>
>> def get_permission_actions(self):
>> return ['TICKET_VIEW_REPORTED']
>>
>> # IPermissionPolicy methods
>>
>> def check_permission(self, action, username, resource, perm):
>> if action == 'TICKET_VIEW' and \
>> 'TICKET_ADMIN' not in perm:
>> if 'TICKET_VIEW_REPORTED' in perm:
>> if resource is None or \
>> resource.realm == 'ticket' and \
>> resource.id is None:
>> return True
>> elif resource.realm == 'ticket' and \
>> resource.id is not None:
>> try:
>> ticket = Ticket(self.env, resource.id)
>> except ResourceNotFound:
>> pass
>> else:
>> return ticket['reporter'] == username
>>
>>
>> [End of Code]
>>
>> - Ryan
>>
>> (1) https://groups.google.com/forum/#!topic/trac-users/sneow4NJ7lM
>> (2)
>> https://trac.edgewall.org/wiki/CookBook/PermissionPolicies#SupportDeskPolicy
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
