Navigation

← Previous Changeset
Next Changeset →

Changeset 3751

Timestamp:

05/30/08 01:57:18 (7 months ago)

Author:

coderanger

Message:

If user has none of the special permissions, fall-through to the next policy. Also enforce privatetickets permissions on any sub-resource (eg. attachments) of a ticket. (closes #3097)

Files:

privateticketsplugin/0.11/privatetickets/policy.py (modified) (2 diffs)
privateticketsplugin/0.11/README (modified) (1 diff)
privateticketsplugin/0.11/setup.py (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

privateticketsplugin/0.11/privatetickets/policy.py

r3602	r3751
30	30	# IPermissionPolicy(Interface)
31	31	def check_permission(self, action, username, resource, perm):
32		if username != 'anonymous' and \
33		resource is not None and \
34		resource.realm == 'ticket' and \
35		resource.id is not None and \
36		action not in self.ignore_permissions and \
37		'TRAC_ADMIN' not in perm:
	32	if username == 'anonymous' or \
	33	action in self.ignore_permissions or \
	34	'TRAC_ADMIN' in perm:
	35	# In these three cases, checking makes no sense
	36	return None
	37
	38	# Look up the resource parentage for a ticket.
	39	while resource:
	40	if resource.realm == 'ticket':
	41	break
	42	resource = resource.parent
	43	if resource and resouce.realm == 'ticket' and resource.id is not None:
38	44	return self.check_ticket_access(perm, resource)
39	45	return None
…	…
52	58	tkt = Ticket(self.env, res.id)
53	59	except TracError:
54		return ~~Fals~~e # Ticket doesn't exist
	60	return None # Ticket doesn't exist
55	61
56		if perm.has_permission('TICKET_VIEW_REPORTER') and \
57		tkt['reporter'] == perm.username:
58		return None
	62	had_any = False
59	63
60		if perm.has_permission('TICKET_VIEW_CC') and \
61		perm.username in [x.strip() for x in tkt['cc'].split(',')]:
62		return None
	64	if perm.has_permission('TICKET_VIEW_REPORTER'):
	65	had_any = True
	66	if tkt['reporter'] == perm.username:
	67	return None
63	68
64		if perm.has_permission('TICKET_VIEW_OWNER') and \
65		perm.username == tkt['owner']:
66		return None
	69	if perm.has_permission('TICKET_VIEW_CC'):
	70	had_any = True
	71	if perm.username in [x.strip() for x in tkt['cc'].split(',')]:
	72	return None
67	73
68		if perm.has_permission('TICKET_VIEW_REPORTER_GROUP') and \
69		self._check_group(perm.username, tkt['reporter']):
70		return None
	74	if perm.has_permission('TICKET_VIEW_OWNER'):
	75	had_any = True
	76	if perm.username == tkt['owner']:
	77	return None
71	78
72		if perm.has_permission('TICKET_VIEW_OWNER_GROUP') and \
73		self._check_group(perm.username, tkt['owner']):
74		return None
	79	if perm.has_permission('TICKET_VIEW_REPORTER_GROUP'):
	80	had_any = True
	81	if self._check_group(perm.username, tkt['reporter']):
	82	return None
	83
	84	if perm.has_permission('TICKET_VIEW_OWNER_GROUP'):
	85	had_any = True
	86	if self._check_group(perm.username, tkt['owner']):
	87	return None
75	88
76	89	if perm.has_permission('TICKET_VIEW_CC_GROUP'):
	90	had_any = True
77	91	for user in tkt['cc'].split(','):
78	92	#self.log.debug('Private: CC check: %s, %s', req.authname, user.strip())
79	93	if self._check_group(perm.username, user.strip()):
80	94	return None
81
	95
	96	# No permissions assigned, punt
	97	if not had_any:
	98	return None
	99
82	100	return False
83	101

privateticketsplugin/0.11/README

r3599	r3751
27	27
28	28	Finally, users with ``TRAC_ADMIN`` will not be restricted by this plugin.
	29	The meta-user "anonymous" also cannot be restricted by this plugin, as their
	30	identity isn't known to be checked. Be sure to not grant ``TICKET_VIEW`` to
	31	anonymous, or unauthenticated users will be able to see all tickets.
29	32
30	33	Configuration

privateticketsplugin/0.11/setup.py

r3598	r3751
7	7	setup(
8	8	name = 'TracPrivateTickets',
9		version = '2.0',
	9	version = '2.0.1',
10	10	packages = ['privatetickets'],
11	11