close
Warning:
Can't synchronize with repository "(default)" (The repository directory has changed, you should resynchronize the repository with: trac-admin $ENV repository resync '(default)'). Look in the Trac log for more information.
- Timestamp:
-
2021-07-11T14:17:48-07:00 (4 years ago)
- Author:
-
trac
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v5
|
v6
|
|
| 13 | 13 | == Graphical Admin Tab |
| 14 | 14 | |
| 15 | | To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below): |
| | 15 | To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command with a more detailed description [#GrantingPrivileges below]: |
| 16 | 16 | {{{#!sh |
| 17 | 17 | $ trac-admin /path/to/projenv permission add bob TRAC_ADMIN |
| … |
… |
|
| 30 | 30 | == Available Privileges |
| 31 | 31 | |
| 32 | | To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system: it will allow you to perform any operation. |
| 33 | | |
| 34 | | Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac ('''note that the privilege names are case-sensitive'''): |
| | 32 | To enable all privileges for a user, use the `TRAC_ADMIN` permission. This permission is like being `root` on a *NIX system: it will allow you to perform any operation. |
| | 33 | |
| | 34 | Otherwise, individual privileges can be assigned to users for the different functional areas of Trac and '''note that the privilege names are uppercase''': |
| 35 | 35 | |
| 36 | 36 | === Repository Browser |
| … |
… |
|
| 52 | 52 | || `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. || |
| 53 | 53 | || `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets || |
| 54 | | || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user (it will appear that another user created the ticket). It also allows managing ticket properties through the web administration module. || |
| | 54 | || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user and it will appear that another user created the ticket. It also allows managing ticket properties through the web administration module. || |
| 55 | 55 | |
| 56 | 56 | === Roadmap |
| … |
… |
|
| 108 | 108 | }}} |
| 109 | 109 | |
| | 110 | An authenticated user can delete an attachment //they added// without possessing the permission |
| | 111 | that grants `ATTACHMENT_DELETE`. |
| | 112 | |
| 110 | 113 | If explicit attachment permissions are preferred, `ATTACHMENT_CREATE`, `ATTACHMENT_DELETE` and `ATTACHMENT_VIEW` can be created using the [trac:ExtraPermissionsProvider]. The simplest implementation is to simply define the actions. |
| 111 | 114 | {{{#!ini |
| … |
… |
|
| 150 | 153 | Any user who has logged in is also in the //authenticated// group. |
| 151 | 154 | The //authenticated// group inherits permissions from the //anonymous// group. |
| 152 | | For example, if the //anonymous// group has permission WIKI_MODIFY, |
| 153 | | it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well. |
| | 155 | For example, if the //anonymous// group has permission WIKI_MODIFY, it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well. |
| 154 | 156 | |
| 155 | 157 | Custom groups may be defined that inherit permissions from the two built-in groups. |
| … |
… |
|
| 169 | 171 | Permission groups can be created by assigning a user to a group you wish to create, then assign permissions to that group. |
| 170 | 172 | |
| 171 | | The following will add ''bob'' to the new group called ''beta_testers'' and then will assign WIKI_ADMIN permissions to that group. (Thus, ''bob'' will inherit the WIKI_ADMIN permission) |
| | 173 | The following will add ''bob'' to the new group called ''beta_testers'' and then will assign `WIKI_ADMIN` permissions to that group. Thus, ''bob'' will inherit the `WIKI_ADMIN` permission. |
| 172 | 174 | {{{#!sh |
| 173 | 175 | $ trac-admin /path/to/projenv permission add bob beta_testers |
| … |
… |
|
| 177 | 179 | == Removing Permissions |
| 178 | 180 | |
| 179 | | Permissions can be removed using the 'remove' command. For example: |
| | 181 | Permissions can be removed using the 'remove' command. |
| 180 | 182 | |
| 181 | 183 | This command will prevent the user ''bob'' from deleting reports: |
| … |
… |
|
| 207 | 209 | //**anonymous**// |
| 208 | 210 | {{{ |
| 209 | | BROWSER_VIEW |
| 210 | | CHANGESET_VIEW |
| 211 | | FILE_VIEW |
| 212 | | LOG_VIEW |
| 213 | | MILESTONE_VIEW |
| 214 | | REPORT_SQL_VIEW |
| 215 | | REPORT_VIEW |
| 216 | | ROADMAP_VIEW |
| 217 | | SEARCH_VIEW |
| 218 | | TICKET_VIEW |
| | 211 | BROWSER_VIEW |
| | 212 | CHANGESET_VIEW |
| | 213 | FILE_VIEW |
| | 214 | LOG_VIEW |
| | 215 | MILESTONE_VIEW |
| | 216 | REPORT_SQL_VIEW |
| | 217 | REPORT_VIEW |
| | 218 | ROADMAP_VIEW |
| | 219 | SEARCH_VIEW |
| | 220 | TICKET_VIEW |
| 219 | 221 | TIMELINE_VIEW |
| 220 | 222 | WIKI_VIEW |
| … |
… |
|
| 223 | 225 | //**authenticated**// |
| 224 | 226 | {{{ |
| 225 | | TICKET_CREATE |
| 226 | | TICKET_MODIFY |
| 227 | | WIKI_CREATE |
| 228 | | WIKI_MODIFY |
| | 227 | TICKET_CREATE |
| | 228 | TICKET_MODIFY |
| | 229 | WIKI_CREATE |
| | 230 | WIKI_MODIFY |
| 229 | 231 | }}} |
| 230 | 232 | ---- |
