{"id":265,"date":"2012-02-17T19:04:58","date_gmt":"2012-02-17T17:04:58","guid":{"rendered":"http:\/\/rexxer.kharkov.ru\/?p=265"},"modified":"2012-02-17T19:04:58","modified_gmt":"2012-02-17T17:04:58","slug":"trac-strict-permissions","status":"publish","type":"post","link":"https:\/\/dety.net.ua\/?p=265","title":{"rendered":"TRAC + strict permissions"},"content":{"rendered":"<p>Once PM ask me to configure strict access to a project in TRAC for user.<br \/>\nHe can have access only for &#8220;New ticket&#8221; and view only own tickets.<\/p>\n<p>Firstly, I have created the user account and add him to the special group.<\/p>\n<p>I assigned the next permissions for this group:<\/p>\n<blockquote>\n<div><label for=\"users_strict:MILESTONE_VIEW\">MILESTONE_VIEW<\/label><\/div>\n<div><label for=\"users_strict:REPORT_VIEW\">REPORT_VIEW<\/label><\/div>\n<div><label for=\"users_strict:TICKET_APPEND\">TICKET_APPEND<\/label><\/div>\n<div><label for=\"users_strict:TICKET_CHGPROP\">TICKET_CHGPROP<\/label><\/div>\n<div><label for=\"users_strict:TICKET_CREATE\">TICKET_CREATE<\/label><\/div>\n<div><label for=\"users_strict:TICKET_EDIT_CC\">TICKET_EDIT_CC<\/label><\/div>\n<div><label for=\"users_strict:TICKET_EDIT_DESCRIPTION\">TICKET_EDIT_DESCRIPTION<\/label><\/div>\n<div><label for=\"users_strict:TICKET_MODIFY\">TICKET_MODIFY<\/label><\/div>\n<div><label for=\"users_strict:TICKET_VIEW\">TICKET_VIEW<\/label><\/div>\n<\/blockquote>\n<p>Result:<br \/>\npart of trac.ini (11.5)<\/p>\n<blockquote><p>[authz_policy]<br \/>\nauthz_file = c:apachetracprojectsifstconfauthzpolicy.conf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #pick file with policy<\/p>\n<p>[components]<br \/>\nauthz_policy.* = enabled\u00a0\u00a0\u00a0\u00a0\u00a0 #turning on policy<\/p>\n<p>[mainnav]<br \/>\ntickets.href = \/report\/7\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #set navigation button &#8220;View tickets&#8221; to report &#8220;My tickets&#8221; by default<\/p><\/blockquote>\n<p>authzpolicy.conf<\/p>\n<blockquote><p>[wiki:Documents]<br \/>\nadmin1 = WIKI_ADMIN<br \/>\nadmin2 = WIKI_ADMIN<br \/>\n* = &#8220;&#8221;<\/p>\n<p>[milestone:Test]<br \/>\nuser = MILESTONE_VIEW<\/p>\n<p>[milestone:*]<br \/>\nuser = &#8220;&#8221;<\/p>\n<p>[report:7]<br \/>\nuser = REPORT_VIEW<\/p>\n<p>[report:*]<br \/>\nuser = &#8220;&#8221;<\/p><\/blockquote>\n<p>But &#8230; I found some issues with permissions and understood that this way incorrect.<\/p>\n<p>I looked up again and found this: <a href=\"http:\/\/trac-hacks.org\/wiki\/PrivateTicketsPlugin\" target=\"_blank\">http:\/\/trac-hacks.org\/wiki\/PrivateTicketsPlugin<\/a><\/p>\n<p>So, my trac.ini became:<\/p>\n<blockquote><p>[components]<br \/>\nprivatetickets.* = enabled<\/p>\n<p>[mainnav]<br \/>\ntickets.href = \/report\/6<\/p>\n<p>[trac]<br \/>\npermission_policies = PrivateTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy<\/p>\n<p>[privatetickets]<br \/>\ngroup_blacklist =<\/p><\/blockquote>\n<p>And I added the permission: TICKET_VIEW_REPORTER (it turn up after installing the plugin) for group.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once PM ask me to configure strict access to a project in TRAC for user. He can have access only for &#8220;New ticket&#8221; and view only own tickets. Firstly, I have created the user account and add him to the special group. I assigned the next permissions for this group: MILESTONE_VIEW REPORT_VIEW TICKET_APPEND TICKET_CHGPROP TICKET_CREATE [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,9],"tags":[],"class_list":["post-265","post","type-post","status-publish","format-standard","hentry","category-novosti","category-trac"],"_links":{"self":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=265"}],"version-history":[{"count":0,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions"}],"wp:attachment":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}