close Warning: Can't synchronize with repository "(default)" (The repository directory has changed, you should resynchronize the repository with: trac-admin $ENV repository resync '(default)'). Look in the Trac log for more information.

Changes between Version 5 and Version 6 of TracPermissions


Ignore:
Timestamp:
2021-07-11T14:17:48-07:00 (3 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracPermissions

    v5 v6  
    1313== Graphical Admin Tab
    1414
    15 To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below):
     15To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command with a more detailed description [#GrantingPrivileges below]:
    1616{{{#!sh
    1717$ trac-admin /path/to/projenv permission add bob TRAC_ADMIN
     
    3030== Available Privileges
    3131
    32 To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system: it will allow you to perform any operation.
    33 
    34 Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac ('''note that the privilege names are case-sensitive'''):
     32To enable all privileges for a user, use the `TRAC_ADMIN` permission. This permission is like being `root` on a *NIX system: it will allow you to perform any operation.
     33
     34Otherwise, individual privileges can be assigned to users for the different functional areas of Trac and '''note that the privilege names are uppercase''':
    3535
    3636=== Repository Browser
     
    5252|| `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. ||
    5353|| `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets ||
    54 || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user (it will appear that another user created the ticket). It also allows managing ticket properties through the web administration module. ||
     54|| `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user and it will appear that another user created the ticket. It also allows managing ticket properties through the web administration module. ||
    5555
    5656=== Roadmap
     
    108108}}}
    109109
     110An authenticated user can delete an attachment //they added// without possessing the permission
     111that grants `ATTACHMENT_DELETE`.
     112
    110113If explicit attachment permissions are preferred, `ATTACHMENT_CREATE`, `ATTACHMENT_DELETE` and `ATTACHMENT_VIEW` can be created using the [trac:ExtraPermissionsProvider]. The simplest implementation is to simply define the actions.
    111114{{{#!ini
     
    150153Any user who has logged in is also in the //authenticated// group.
    151154The //authenticated// group inherits permissions from the //anonymous// group.
    152 For example, if the //anonymous// group has permission WIKI_MODIFY,
    153 it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well.
     155For example, if the //anonymous// group has permission WIKI_MODIFY, it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well.
    154156
    155157Custom groups may be defined that inherit permissions from the two built-in groups.
     
    169171Permission groups can be created by assigning a user to a group you wish to create, then assign permissions to that group.
    170172
    171 The following will add ''bob'' to the new group called ''beta_testers'' and then will assign WIKI_ADMIN permissions to that group. (Thus, ''bob'' will inherit the WIKI_ADMIN permission)
     173The following will add ''bob'' to the new group called ''beta_testers'' and then will assign `WIKI_ADMIN` permissions to that group. Thus, ''bob'' will inherit the `WIKI_ADMIN` permission.
    172174{{{#!sh
    173175$ trac-admin /path/to/projenv permission add bob beta_testers
     
    177179== Removing Permissions
    178180
    179 Permissions can be removed using the 'remove' command. For example:
     181Permissions can be removed using the 'remove' command.
    180182
    181183This command will prevent the user ''bob'' from deleting reports:
     
    207209//**anonymous**//
    208210{{{
    209 BROWSER_VIEW 
    210 CHANGESET_VIEW 
    211 FILE_VIEW 
    212 LOG_VIEW 
    213 MILESTONE_VIEW 
    214 REPORT_SQL_VIEW 
    215 REPORT_VIEW 
    216 ROADMAP_VIEW 
    217 SEARCH_VIEW 
    218 TICKET_VIEW 
     211BROWSER_VIEW
     212CHANGESET_VIEW
     213FILE_VIEW
     214LOG_VIEW
     215MILESTONE_VIEW
     216REPORT_SQL_VIEW
     217REPORT_VIEW
     218ROADMAP_VIEW
     219SEARCH_VIEW
     220TICKET_VIEW
    219221TIMELINE_VIEW
    220222WIKI_VIEW
     
    223225//**authenticated**//
    224226{{{
    225 TICKET_CREATE 
    226 TICKET_MODIFY 
    227 WIKI_CREATE 
    228 WIKI_MODIFY 
     227TICKET_CREATE
     228TICKET_MODIFY
     229WIKI_CREATE
     230WIKI_MODIFY
    229231}}}
    230232----