close
Warning:
Can't synchronize with repository "(default)" (The repository directory has changed, you should resynchronize the repository with: trac-admin $ENV repository resync '(default)'). Look in the Trac log for more information.
- Timestamp:
-
2020-07-23T14:06:24-07:00 (4 years ago)
- Author:
-
trac
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
v4
|
v5
|
|
45 | 45 | || `TICKET_VIEW` || View existing [TracTickets tickets] and perform [TracQuery ticket queries] || |
46 | 46 | || `TICKET_CREATE` || Create new [TracTickets tickets] || |
47 | | || `TICKET_APPEND` || Add comments or attachments to [TracTickets tickets] || |
48 | | || `TICKET_CHGPROP` || Modify [TracTickets ticket] properties (priority, assignment, keywords, etc.) with the following exceptions: edit description field, add/remove other users from cc field when logged in || |
| 47 | || `TICKET_APPEND` || Add comments and attachments to [TracTickets tickets], and edit description of ticket the user created || |
| 48 | || `TICKET_CHGPROP` || Modify [TracTickets ticket] properties (priority, assignment, keywords, etc.) with the following exceptions: edit description of tickets created by others, add/remove other users from cc field when logged in || |
49 | 49 | || `TICKET_MODIFY` || Includes both `TICKET_APPEND` and `TICKET_CHGPROP`, and in addition allows resolving [TracTickets tickets] in the [TracWorkflow default workflow]. Tickets can be assigned to users through a [TracTickets#Assign-toasDrop-DownList drop-down list] when the list of possible owners has been restricted. || |
50 | 50 | || `TICKET_EDIT_CC` || Full modify cc field || |
51 | | || `TICKET_EDIT_DESCRIPTION` || Modify description field || |
| 51 | || `TICKET_EDIT_DESCRIPTION` || Modify description field. User with `TICKET_APPEND` or `TICKET_CHGPROP` can modify description of ticket they created. || |
52 | 52 | || `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. || |
53 | 53 | || `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets || |
… |
… |
|
94 | 94 | || `CONFIG_VIEW` || Enables additional sections on ''About Trac'' that show the current configuration and the list of installed plugins || |
95 | 95 | || `EMAIL_VIEW` || Shows email addresses even if [TracIni#trac-section trac show_email_addresses] configuration option is false || |
| 96 | |
| 97 | == Attachment Permissions |
| 98 | |
| 99 | Attachment permissions are handled by `LegacyAttachmentPolicy`, and unlike the permissions discussed so far, the permissions provided by `LegacyAttachmentPolicy` are not directly granted. Rather, the ability to create, view and delete attachments is determined by the attachment's parent realm and permissions the user possesses for that realm. |
| 100 | |
| 101 | The attachment actions are determined by the following |
| 102 | permissions in the ticket, wiki and milestone realms: |
| 103 | {{{#!table class="listing" |
| 104 | ||= Granted By: =||= Ticket =||= Wiki =||= Milestone =|| |
| 105 | || `ATTACHMENT_CREATE` || `TICKET_APPEND` || `WIKI_MODIFY` || `MILESTONE_MODIFY` || |
| 106 | || `ATTACHMENT_VIEW` || `TICKET_VIEW` || `WIKI_VIEW` || `MILESTONE_VIEW` || |
| 107 | || `ATTACHMENT_DELETE` || `TICKET_ADMIN` || `WIKI_DELETE` || `MILESTONE_DELETE` || |
| 108 | }}} |
| 109 | |
| 110 | If explicit attachment permissions are preferred, `ATTACHMENT_CREATE`, `ATTACHMENT_DELETE` and `ATTACHMENT_VIEW` can be created using the [trac:ExtraPermissionsProvider]. The simplest implementation is to simply define the actions. |
| 111 | {{{#!ini |
| 112 | [extra-permissions] |
| 113 | _perms = ATTACHMENT_CREATE, ATTACHMENT_DELETE, ATTACHMENT_VIEW |
| 114 | }}} |
| 115 | |
| 116 | An alternative configuration adds an `ATTACHMENT_ADMIN` meta-permission that grants the other 3 permission. |
| 117 | {{{#!ini |
| 118 | [extra-permissions] |
| 119 | ATTACHMENT_ADMIN = ATTACHMENT_CREATE, ATTACHMENT_DELETE, ATTACHMENT_VIEW |
| 120 | }}} |
| 121 | |
| 122 | The explicit permissions can be used in concert with `LegacyAttachmentPolicy`, or `LegacyAttachmentPolicy` can be removed from `permission_policies`, in which case only users that have been explicitly granted the corresponding attachment actions will be able to create, delete and view attachments. |
96 | 123 | |
97 | 124 | == Granting Privileges |