The behavior you are seeing looks like what I'd expect for the configuration you've shown. There's nothing to limit the ticket workflow actions to tickets for which the user is the owner. That would require a plugin with a custom permissions policy. Nothing has changed in that regard since 0.11 as far as I know. I'll post an example shortly.
First a side note. Your "new_accepted" action seems to be a "dead-end". You don't show any actions that could move your ticket out of the accepted state. Insert [[Workflow]] into a wiki page and you can see that there are no transitions out of the accepted state with your workflow. There also aren't any actions to move a ticket out of the closed state, e.g. reopen.
On Nov 20, 2014 12:11 PM, "Ryan Ollos" <ryan.j...@gmail.com> wrote:
>
>
> On Nov 20, 2014 11:57 AM, "Shawn Baker" <scbak...@gmail.com> wrote:
> >
> > I suppose it is possible that the Agilo plugin (which we are no longer using) had permissions to not allow anyone but TICKET_ADMIN or the owner of the ticket to change the status of the tickets. I really thought that Trac would have something like this out of the box. It seems odd to me that anyone who is authenticated in the system can change the status of any ticket as they see fit.
>
Right, with the default data that ships with trac authenticated users will have TICKET_MODIFY and therefore be able to change tickets in the default workflow . The aim is to impose as little on the user as possible, and let users customize it for their needs. Usually it is simple to customize, but it does get more complex with specialized requirements such as permissions depending on ticket properties. If we receive repeated requests for certain requirements we might try to bundle the functionality into tracopt or sample-plugins.
I'll probably add this permissions policy to the CookbBook pages in the meantime.