Support TRAC 0.12.2 ?

[anonymous]

under TRAC 0.12.2 the SimpleTicketPlugin dosen't work. Every user have the permission, which are defined in the trac.ini (hide=....). I can not set the permission with TICKET_CREATE_SIMPLE.

What is the problem?

[Ryan J Ollos]

I'm having trouble understanding the original report, but the behavior I'm seeing is that do_filter = 'TICKET_CREATE_SIMPLE' in req.perm is always true.

[falkb]

I think "Every user has the permission" means the filter is active for everyone, and "I can not set the permission with TICKET_CREATE_SIMPLE" means that setting TICKET_CREATE_SIMPLE for certain users has no effect.

[Ryan J Ollos]

Replying to falkb:

I think "Every user has the permission" means the filter is active for everyone, and "I can not set the permission with TICKET_CREATE_SIMPLE" means that setting TICKET_CREATE_SIMPLE for certain users has no effect.

Okay, that is sort of what I was seeing as well. Would you be willing to do some testing?

The problem I described in comment:2 was due to granting TRAC_ADMIN to anonymous in my dev environment. TRAC_ADMIN seems to inherit all other permissions, so a user with TRAC_ADMIN will see the simple ticket form. I'm going to change the plugin so that TICKET_CREATE_SIMPLE will never apply to a user with the TRAC_ADMIN permission.

The plugin seems to work well with 0.12.3dev, otherwise. I'll add the 0.12 tag to the wiki page.

[Ryan J Ollos]

(In [10990]) Fixes #9053: The TICKET_CREATE_SIMPLE permission is not applied to a user with TRAC_ADMIN permission.

[falkb]

Uhm...

  File ".....\plugins\tracsimpleticket-3.0-py2.5.egg\simpleticket\web_ui.py", line 27
     and not 'TRAC_ADMIN' in req.perm
    ^
IndentationError: unexpected indent (web_ui.py, line 27)

[Ryan J Ollos]

Sorry about that. Will fix it now.

[Ryan J Ollos]

(In [10992]) Refs #9053: Fixed bad indentation in [10990].

[falkb]

Replying to rjollos:

I'm going to change the plugin so that TICKET_CREATE_SIMPLE will never apply to a user with the TRAC_ADMIN permission.

yup, [10992] has implemented this. :-)

It's a good behaviour, that if TRAC_ADMIN is set without TICKET_CREATE_SIMPLE, it should not inherit option TICKET_CREATE_SIMPLE. Though I'd rather love to see that if TICKET_CREATE_SIMPLE is set, it automatically overrules TICKET_CREATE. This way I could set someone to TRAC_ADMIN+TICKET_CREATE_SIMPLE, so all is allowed except the restricted things by this plugin. Actually TICKET_CREATE_SIMPLE is an overruler to TICKET_CREATE - if activated then use it, else use common ticket creation

The plugin seems to work well with 0.12.3dev, otherwise. I'll add the 0.12 tag to the wiki page.

0.12.2 works well also

[Ryan J Ollos]

Replying to falkb:

It's a good behaviour, that if TRAC_ADMIN is set without TICKET_CREATE_SIMPLE, it should not inherit option TICKET_CREATE_SIMPLE. Though I'd rather love to see that if TICKET_CREATE_SIMPLE is set, it automatically overrules TICKET_CREATE.

The behavior I'm seeing is that if a user has TICKET_CREATE_SIMPLE and TICKET_CREATE, the user sees the simplified ticket interface. I think the following code means that any user having TICKET_CREATE_SIMPLE will also be given the TICKET_CREATE permission:

    def get_permission_actions(self):
        yield 'TICKET_CREATE_SIMPLE', ['TICKET_CREATE']

This way I could set someone to TRAC_ADMIN+TICKET_CREATE_SIMPLE, so all is allowed except the restricted things by this plugin.

Unless we make it so that a user with TICKET_CREATE does not see the simple ticket form even when they also have TICKET_CREATE_SIMPLE, I don't see how this will be possible. However, I'm not sure it is possible to grant TICKET_CREATE_SIMPLE without also granting TICKET_CREATE because of the way that a user with TICKET_CREATE_SIMPLE is granted TICKET_CREATE, according to the snipet I showed above. I experimented with trying to do this, but no success.

Actually TICKET_CREATE_SIMPLE is an overruler to TICKET_CREATE - if activated then use it, else use common ticket creation

Okay, yeah that is the behavior I'm seeing.

[falkb]

Well, it's a bit tricky to understand. But it looks like the actual problem is that you can't subtract permissions but only add. I gave some people TRAC_ADMIN for full responsibility though they aren't interested in some ticket fields (like 'billable'). I thought I could additionally give them TICKET_CREATE_SIMPLE and define what is visible in such case.

[Ryan J Ollos]

Replying to falkb:

Well, it's a bit tricky to understand. But it looks like the actual problem is that you can't subtract permissions but only add. I gave some people TRAC_ADMIN for full responsibility though they aren't interested in some ticket fields (like 'billable'). I thought I could additionally give them TICKET_CREATE_SIMPLE and define what is visible in such case.

BlackMagicTicketTweaks might do what you want. I haven't used it though.

[falkb]

Replying to rjollos:

BlackMagicTicketTweaks might do what you want. I haven't used it though.

Thanks, rjollos. By plugin setting ondenial , BlackMagicTicketTweaksPlugin allows to hide or disable ticket fields depending on if permissions are missing. But TRAC_ADMIN has all permissions, that's why ondenial doesn't help either for my desired permission case, which should logically means "TRAC_ADMIN but restricted view on ticket fields". Well, I think that's another story and doesn't further belong to this ticket.