Best way of using Trac for multiple customers
37 views
Skip to first unread message
Andreas
Aug 25, 2019, 6:45:14 AM8/25/19
to Trac Users
Hallo!
We have been using Trac since a few years now for one customer.
Now we would like to expand the usage of Trac to another customer.
Is there a way where we can use the same installation for both customers in a way that they don't see each others Tickets?
We have further customers which we would like to use Trac in the future, and if we have an own installation for each customer, it would get unclearly pretty fast.
I have already checked some TracHacks-Plugins, but didn't find the right one.
Does anyone have the same problem and maybe a solution for it?
Thanks!
RjOllos
Aug 25, 2019, 7:52:27 PM8/25/19
to Trac Users
TracPrivateTickets permission policy:
You can also look at other permission policies:
Or write one yourself:
https://trac.edgewall.org/wiki/TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionPolicy
The other way is to have multiple environments, like you've described:
- Ryan
Andreas
Aug 26, 2019, 11:04:40 AM8/26/19
to Trac Users
Hey Ryan!
The TracPrivateTickets permission policy looks pretty good to me, so customers can only see their tickets.
Is there a way where - if you create a new ticket - you can only select specific milestones? I would like to have certain milestones only for certain customers available. Maybe there is a way to add users of customer A to a usergroup "Customer A" and assign milestones (or something like this) to this group?
BTW, if we would need some TRAC-coding in the future - would you be available? (of course for payment)
Thanks!
Best regards,
Andreas
RjOllos
Aug 26, 2019, 4:29:28 PM8/26/19
to Trac Users
On Monday, August 26, 2019 at 8:04:40 AM UTC-7, Andreas wrote:
Hey Ryan!The TracPrivateTickets permission policy looks pretty good to me, so customers can only see their tickets.Is there a way where - if you create a new ticket - you can only select specific milestones? I would like to have certain milestones only for certain customers available. Maybe there is a way to add users of customer A to a usergroup "Customer A" and assign milestones (or something like this) to this group?
Yes, you can restrict access to milestones using a permission policy.
One way would be to use AuthzPolicy and to provide fine-grained access control for each milestone. The access controls are defined in an INI file. I suggest creating a Trac environment, activating AuthzPolicy, and you can experiment.
Or, you can write a custom permission policy if there is some programatic way to determine which milestones a user can access, such as a naming pattern for the milestone, or a database table provided by a plugin.
Andreas
Sep 13, 2019, 7:44:45 AM9/13/19
to Trac Users
Hello Ryan,
thanks for your hint!
I have activated AuthzPolicy on our Trac 1.2.2 environment and the following part is working as it should:
[wiki:testwiki@*]
testuser = WIKI_VIEW
--> testuser can only see the "testwiki" page, nothing else
I was wondering if the realm (?) for milestone would be "milestone", but it failed:
[milestone:testmilestone@*]
testuser = TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW
The testuser can still only see that one testwiki page, but cannot view/edit tickets with milestone "testmilestone".
I'm pretty sure that the syntax / realm for milestone is wrong. Can you help me out here?
Thank you!
Best regards,
Andreas
Ryan Ollos
Sep 13, 2019, 7:17:40 PM9/13/19
to Trac Users
On Fri, Sep 13, 2019 at 4:44 AM Andreas <muffe...@gmail.com> wrote:
Hello Ryan,thanks for your hint!I have activated AuthzPolicy on our Trac 1.2.2 environment and the following part is working as it should:[wiki:testwiki@*]
testuser = WIKI_VIEW
--> testuser can only see the "testwiki" page, nothing else
I was wondering if the realm (?) for milestone would be "milestone", but it failed:
[milestone:testmilestone@*]
testuser = TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW
The testuser can still only see that one testwiki page, but cannot view/edit tickets with milestone "testmilestone".
I'm pretty sure that the syntax / realm for milestone is wrong. Can you help me out here?
Thank you!
Best regards,
Andreas
Using realm 'milestone' will restrict access to a resource in the milestone realm (/milestone).
The ticket page is realm 'ticket'.
To restrict tickets based on permission to view a milestone, you'll need to implement a permission policy. First, restrict access to the milestone using AuthzPolicy, and verify that you can view the milestone. For your example, this will be /milestone/testmilestone, and testmilestone should be visible on the Roadmap page.
Then you need to implement IPermissionPolicy in a component, like the examples described here:
The logic in check_permission would be something like (untested):
def check_permission(self, action, username, resource, perm):
if action == 'TICKET_VIEW' and \
resource is not None and \
resource.realm == 'ticket' and \
resource.id is not None:
try:
ticket = Ticket(self.env, resource.id)
except ResourceNotFound:
pass
else:
if action == 'TICKET_VIEW' and \
resource is not None and \
resource.realm == 'ticket' and \
resource.id is not None:
try:
ticket = Ticket(self.env, resource.id)
except ResourceNotFound:
pass
else:
if 'MILESTONE_VIEW' in req.perm('milestone', ticket['milestone']):
return True
- Ryan
Andreas
Sep 14, 2019, 9:45:52 AM9/14/19
to Trac Users
Hello Ryan,
I was able to fulfill my needs with a combination of SimpleMultiProjectPlugin (permissions) and DynamicFieldsPlugin (dependencies of fields when creating a new ticket)
Thanks for you help anyway, and a big THANK YOU for putting so much effort into Trac!
Best regards,
Andreas
RjOllos
Sep 19, 2019, 12:47:22 AM9/19/19
to Trac Users
This policy is now documented in:
- Ryan
Reply all
Reply to author
Forward
0 new messages