[trac] Problem with PrivateTicketsPlugin / VirtualTicketsPermissions
43 views
Skip to first unread message
jhNz
May 24, 2012, 5:08:10 AM5/24/12
to trac-...@googlegroups.com
First of all I have to state that I'm pretty new to trac. I was instructed to set it up for our company and until now everything worked well during the setup.
The point is, we want to use a single trac instance for multiple companies. Each company representative will get an account to post tickets and view
their status. It is important that the guy of company A wont be able to read the tickets the guy of company B submitted. That's where these plugins comes into play.
I am using trac 0.12.3 and PrivateTicketsPlugin 1.1.1
I installed it properly I guess since it appears in the Plugins menu of the trac-administration. I also have the new permissions that come with the plugins in
the dropdown-box in the permissions menu. So I guess this all worked well.
I added the PrivateTicketsPolicy to the trac.ini file and obviously enabled the plugin there as well. The PrivateTicketsPolicy is placed before the existing Policies:
permission_policies = PrivateTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
In short: I followed the configuration instructions provided on trac-hacks.org step by step.
To test it I created a guest-user and granted him the permission TICKET_VIEW_REPORTER, since I want him to only see the tickets he reported himself.
Beside that guest doesn't have any other permissions since the guest-account inherits all permissions from "authenticated" which are at the moment:
TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW, WIKI_CREATE, WIKI_MODIFY and
The problem is that it doesn't seem to work at all. My guest user is still able to see all tickets. Are there any errors regarding my permission configuration or
do you see any other things that I might have missed? I'm a bit at a loss about that at the moment since it doesn't seem to be a "real" error with a corresponding
error message providing some kind of information about the issue. It's probably a wrong configuration of the permissions right now I guess.
I tried both plugins stated in the title of this post and both seem to have the same non-existing effect on my trac system ;/
Any help about that issue is greatly appreciated.
// Johannes
Olaf Meeuwissen
May 24, 2012, 7:12:27 PM5/24/12
to trac-...@googlegroups.com
jhNz <johann...@googlemail.com> writes:
> [...]
permissions by any chance?
Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FLOSS Engineer -- AVASYS CORPORATION
FSF Associate Member #1962 Help support software freedom
http://www.fsf.org/jf?referrer=1962
> [...]
> In short: I followed the configuration instructions provided on
> trac-hacks.org step by step.
>
> To test it I created a guest-user and granted him the permission
> TICKET_VIEW_REPORTER, since I want him to only see the tickets he
> reported himself. Beside that guest doesn't have any other
> permissions since the guest-account inherits all permissions from
> "authenticated" which are at the moment: TICKET_CREATE, TICKET_MODIFY,
> TICKET_VIEW, WIKI_CREATE, WIKI_MODIFY and WIKI_VIEW.
>
> As you can see, the user- and permission-configuration is as basic as
> it gets.
>
> The problem is that it doesn't seem to work at all. My guest user is
> still able to see all tickets. Are there any errors regarding my
> permission configuration or do you see any other things that I might
> have missed?
Just shooting in the dark but does the `anonymous` user have TICKET_VIEW
> trac-hacks.org step by step.
>
> To test it I created a guest-user and granted him the permission
> TICKET_VIEW_REPORTER, since I want him to only see the tickets he
> reported himself. Beside that guest doesn't have any other
> permissions since the guest-account inherits all permissions from
> "authenticated" which are at the moment: TICKET_CREATE, TICKET_MODIFY,
> TICKET_VIEW, WIKI_CREATE, WIKI_MODIFY and WIKI_VIEW.
>
> As you can see, the user- and permission-configuration is as basic as
> it gets.
>
> The problem is that it doesn't seem to work at all. My guest user is
> still able to see all tickets. Are there any errors regarding my
> permission configuration or do you see any other things that I might
> have missed?
permissions by any chance?
Hope this helps,
--
Olaf Meeuwissen, LPIC-2 FLOSS Engineer -- AVASYS CORPORATION
FSF Associate Member #1962 Help support software freedom
http://www.fsf.org/jf?referrer=1962
RjOllos
May 27, 2012, 11:18:22 PM5/27/12
to trac-...@googlegroups.com
On Thursday, May 24, 2012 2:08:10 AM UTC-7, jhNz wrote:
The problem is that it doesn't seem to work at all. My guest user is still able to see all tickets. Are there any errors regarding my permission configuration ordo you see any other things that I might have missed? I'm a bit at a loss about that at the moment since it doesn't seem to be a "real" error with a correspondingerror message providing some kind of information about the issue. It's probably a wrong configuration of the permissions right now I guess.
It is a good sign that the plugin showed up in WebAdmin, but I'm fairly sure that it is still possible for the plugin to be unloaded if it generates an exception after being loaded. PrivateTicketsPlugin, VirtualTicketPermissionsPlugin and SensitiveTicketsPlugin all have an unfortunate failure mode in which the user will be granted access to see all of the tickets when the plugin is unloaded. So I think the first thing to do is to set the logging level and output location so we can see in the Trac logs if there are any clues.
RjOllos
May 27, 2012, 11:29:23 PM5/27/12
to trac-...@googlegroups.com
Also, please let us know which version of PrivateTicketsPlugin you are using and I'll do some testing.
I will add some additional information to the project's wiki page in the near future. In addition to describing the possible failure mode and exposure of information that can result, I will also add some information about the known issue of possible slow ticket load times for PrivateTicketsPlugin when there are a modest number of users and groups.
Reply all
Reply to author
Forward
0 new messages