close
Warning:
Can't synchronize with repository "(default)" (The repository directory has changed, you should resynchronize the repository with: trac-admin $ENV repository resync '(default)'). Look in the Trac log for more information.
- Timestamp:
-
2021-07-11T14:17:48-07:00 (3 years ago)
- Author:
-
trac
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
v5
|
v6
|
|
13 | 13 | == Graphical Admin Tab |
14 | 14 | |
15 | | To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below): |
| 15 | To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command with a more detailed description [#GrantingPrivileges below]: |
16 | 16 | {{{#!sh |
17 | 17 | $ trac-admin /path/to/projenv permission add bob TRAC_ADMIN |
… |
… |
|
30 | 30 | == Available Privileges |
31 | 31 | |
32 | | To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system: it will allow you to perform any operation. |
33 | | |
34 | | Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac ('''note that the privilege names are case-sensitive'''): |
| 32 | To enable all privileges for a user, use the `TRAC_ADMIN` permission. This permission is like being `root` on a *NIX system: it will allow you to perform any operation. |
| 33 | |
| 34 | Otherwise, individual privileges can be assigned to users for the different functional areas of Trac and '''note that the privilege names are uppercase''': |
35 | 35 | |
36 | 36 | === Repository Browser |
… |
… |
|
52 | 52 | || `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. || |
53 | 53 | || `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets || |
54 | | || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user (it will appear that another user created the ticket). It also allows managing ticket properties through the web administration module. || |
| 54 | || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user and it will appear that another user created the ticket. It also allows managing ticket properties through the web administration module. || |
55 | 55 | |
56 | 56 | === Roadmap |
… |
… |
|
108 | 108 | }}} |
109 | 109 | |
| 110 | An authenticated user can delete an attachment //they added// without possessing the permission |
| 111 | that grants `ATTACHMENT_DELETE`. |
| 112 | |
110 | 113 | If explicit attachment permissions are preferred, `ATTACHMENT_CREATE`, `ATTACHMENT_DELETE` and `ATTACHMENT_VIEW` can be created using the [trac:ExtraPermissionsProvider]. The simplest implementation is to simply define the actions. |
111 | 114 | {{{#!ini |
… |
… |
|
150 | 153 | Any user who has logged in is also in the //authenticated// group. |
151 | 154 | The //authenticated// group inherits permissions from the //anonymous// group. |
152 | | For example, if the //anonymous// group has permission WIKI_MODIFY, |
153 | | it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well. |
| 155 | For example, if the //anonymous// group has permission WIKI_MODIFY, it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well. |
154 | 156 | |
155 | 157 | Custom groups may be defined that inherit permissions from the two built-in groups. |
… |
… |
|
169 | 171 | Permission groups can be created by assigning a user to a group you wish to create, then assign permissions to that group. |
170 | 172 | |
171 | | The following will add ''bob'' to the new group called ''beta_testers'' and then will assign WIKI_ADMIN permissions to that group. (Thus, ''bob'' will inherit the WIKI_ADMIN permission) |
| 173 | The following will add ''bob'' to the new group called ''beta_testers'' and then will assign `WIKI_ADMIN` permissions to that group. Thus, ''bob'' will inherit the `WIKI_ADMIN` permission. |
172 | 174 | {{{#!sh |
173 | 175 | $ trac-admin /path/to/projenv permission add bob beta_testers |
… |
… |
|
177 | 179 | == Removing Permissions |
178 | 180 | |
179 | | Permissions can be removed using the 'remove' command. For example: |
| 181 | Permissions can be removed using the 'remove' command. |
180 | 182 | |
181 | 183 | This command will prevent the user ''bob'' from deleting reports: |
… |
… |
|
207 | 209 | //**anonymous**// |
208 | 210 | {{{ |
209 | | BROWSER_VIEW |
210 | | CHANGESET_VIEW |
211 | | FILE_VIEW |
212 | | LOG_VIEW |
213 | | MILESTONE_VIEW |
214 | | REPORT_SQL_VIEW |
215 | | REPORT_VIEW |
216 | | ROADMAP_VIEW |
217 | | SEARCH_VIEW |
218 | | TICKET_VIEW |
| 211 | BROWSER_VIEW |
| 212 | CHANGESET_VIEW |
| 213 | FILE_VIEW |
| 214 | LOG_VIEW |
| 215 | MILESTONE_VIEW |
| 216 | REPORT_SQL_VIEW |
| 217 | REPORT_VIEW |
| 218 | ROADMAP_VIEW |
| 219 | SEARCH_VIEW |
| 220 | TICKET_VIEW |
219 | 221 | TIMELINE_VIEW |
220 | 222 | WIKI_VIEW |
… |
… |
|
223 | 225 | //**authenticated**// |
224 | 226 | {{{ |
225 | | TICKET_CREATE |
226 | | TICKET_MODIFY |
227 | | WIKI_CREATE |
228 | | WIKI_MODIFY |
| 227 | TICKET_CREATE |
| 228 | TICKET_MODIFY |
| 229 | WIKI_CREATE |
| 230 | WIKI_MODIFY |
229 | 231 | }}} |
230 | 232 | ---- |