Changeset 4358

Show
Ignore:
Timestamp:
09/29/08 12:16:53 (3 months ago)
Author:
bobbysmith007
Message:

re #3828 fixed a bug in ticket policy where it should have been checking for a permission or a group, but was only checking for a permission

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • timingandestimationplugin/branches/trac0.11-Permissions/setup.py

    r4260 r4358  
    88      description='Plugin to make Trac support time estimation and tracking with permissions', 
    99      keywords='trac plugin estimation timetracking permissions', 
    10       version='0.7.1', 
     10      version='0.7.2', 
    1111      url='http://www.trac-hacks.org/wiki/TimingAndEstimationPlugin', 
    1212      license='http://www.opensource.org/licenses/mit-license.php', 

  • timingandestimationplugin/branches/trac0.11-Permissions/timingandestimationplugin/ticket_policy.py

    r4293 r4358  
    88    """Hide internal tickets.""" 
    99    implements(IPermissionPolicy) 
    10      
     10    group_providers = ExtensionPoint(IPermissionGroupProvider) 
     11 
    1112    # IPermissionPolicy(Interface) 
    1213    def check_permission(self, action, username, resource, perm): 
     
    2021            resource = resource.parent 
    2122        if resource and resource.realm == 'ticket' and resource.id is not None: 
    22             rtn = self.check_ticket_access(perm, resource
     23            rtn = self.check_ticket_access(perm, resource, username
    2324            self.log.debug("Internal: RESULTS for %s: %s" % (action,rtn)) 
    2425            return rtn 
    2526        return None 
    26      
     27 
     28    # Internal methods    
     29    def _get_groups(self, user): 
     30        # Get initial subjects 
     31        groups = set([user]) 
     32        for provider in self.group_providers: 
     33            for group in provider.get_permission_groups(user): 
     34                groups.add(group) 
     35         
     36        perms = PermissionSystem(self.env).get_all_permissions() 
     37        repeat = True 
     38        while repeat: 
     39            repeat = False 
     40            for subject, action in perms: 
     41                if subject in groups and action.islower() and action not in groups: 
     42                    groups.add(action) 
     43                    repeat = True  
     44         
     45        return groups     
     46 
    2747    # Public methods 
    28     def check_ticket_access(self, perm, res): 
     48    def check_ticket_access(self, perm, res, user): 
    2949        """Return if this req is permitted access to the given ticket ID.""" 
    3050        try: 
     
    3252        except TracError: 
    3353            return None # Ticket doesn't exist 
    34         private_tkt = tkt.get_value_or_default('internal') == '1' 
     54        private_tkt = tkt['internal'] == '1' 
    3555 
    3656        if private_tkt: 
    3757            # cant just check or we get in an infinite call loop 
    3858            perm = PermissionCache(self.env, self.username, None, perm._cache) 
    39             return perm.has_permission(self.config.get('ticket', 'internalgroup', 'TIME_ADMIN' ).upper()) 
     59            groups = self._get_groups(user) 
     60            perm_or_group = self.config.get('ticket', 'internalgroup', 'TIME_ADMIN' ) 
     61            return perm_or_group in groups or perm.has_permission(perm_or_group) 
    4062        return None