Opened on 03/11/2015 at 09:13:18 AM
Closed on 05/28/2015 at 09:47:12 AM
#2122 closed change (rejected)
[trac issues 1] limit interface users to only see their reported issues
| Reported by: | philll | Assignee: | philll |
|---|---|---|---|
| Priority: | Unknown | Milestone: | |
| Module: | Infrastructure | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Platform: | Unknown | |
| Ready: | no | Confidential: | no |
| Tester: | Verified working: | no | |
| Review URL(s): | |||
Description (last modified by philll)
Background
User accounts of our issue tracker issues1 currently see all issues independent of the user who reported them. As there is no way to have seperated editing permissions in Trac, they can as well edit them. While this is fine for real users, it raises the probability of accounts used for automated import interfaces to mess with unrelated issues.
Implementation suggestions
We can reuse the PrivateTicketsPlugin that is already installed for usage in our order system to do so.
What to change
In the issue tracker at issues 1, limit interface users to only see their reported issues
Attachments (0)
Change History (4)
comment:1 Changed on 03/11/2015 at 09:36:51 AM by philll
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:3 Changed on 04/02/2015 at 03:54:06 PM by philll
- Status changed from reviewing to reopened
- Verified working unset
comment:4 Changed on 05/28/2015 at 09:47:12 AM by philll
- Resolution set to rejected
- Status changed from reopened to closed
Resolving this would require to patch the plugins or Trac itself, both of which would lead to severe maintenance effort, which we currently cannot provide.
It turned out that my approach breaks the functionality of the SensitiveTicketsPlugin by overwriting its permission policy. Putting all policy checks in one line as actually designed so by Trac however raises the recursion loop described at http://trac-hacks.org/ticket/10228