|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
This is the Trac PrivateTicketsPlugin from http://trac-hacks.org/wiki/PrivateTicketsPlugin.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Please see the following README from the upstream 0.11 branch:
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Allow users to only see tickets they are associated with.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
There are three main permissions for this plugin: TICKET_VIEW_REPORTER, TICKET_VIEW_CC, and TICKET_VIEW_OWNER. TICKET_VIEW_SELF is an alias for all three of these.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
With each permission, users will only be able to see tickets where they are the person mentioned in the permission. So if a user has TICKET_VIEW_REPORTER, they can only see tickets they reported. For TICKET_VIEW_CC, they just have to be included in the CC list.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
There are also group-based permissions: TICKET_VIEW_REPORTER_GROUP, TICKET_VIEW_CC_GROUP, and TICKET_VIEW_OWNER_GROUP. These work in a similar way to their non-group counterparts, except that you are granted access if you share a group with the target user. For example, if ticket 1 was reported by Allan, and Allan and Bob are both in the group company_foo, and Bob has TICKET_VIEW_REPORTER_GROUP, then Bob will be able to see ticket 1 since he shares a group with the reporter. Each group-based permission is also an alias for the normal one, so you do not have to grant both. TICKET_VIEW_GROUP is an alias for all the group-based permissions (and therefore all the normal ones as well).
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
These extra permissions can only deny access, not allow it. This means the user must still have TICKET_VIEW granted as normal.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Finally, users with TRAC_ADMIN will not be restricted by this plugin. The meta-user "anonymous" also cannot be restricted by this plugin, as their identity isn't known to be checked. Be sure to not grant TICKET_VIEW to anonymous, or unauthenticated users will be able to see all tickets.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Configuration
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
All configuration options go in the [privatetickets] section.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
group_blacklist
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Groups to ignore for the purposes of the *_GROUP permissions.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Defaults to "anonymous, authenticated"
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
You must also add PrivateTicketsPolicy to your permission_policies setting in trac.ini. It must be before the DefaultPermissionPolicy. See below for an example if you don't have any other policies.
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
Example
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
An example configuration:
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
[privatetickets]
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
group_blacklist = anonymous, authenticated, labusers
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
[components]
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
privatetickets.* = enabled
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
[trac]
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
permission_policies = PrivateTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|
|
![](https://seccdn.libravatar.org/avatar/7b534212fcf5bbd6c54b284386e2dda052178413e777929f319e75d97aa65ad2?s=16&d=retro) |
98bbd25 |
|