Search code examples
pythonubuntuaccess-controlbitnamitrac

Trac - Limited assign permissions

Hello dear Developers,

I recently installed trac in my workplace, and I currently manage it. So it was all good until I found this requirement which seems to be impossible with trac (with what it comes by default)

I have several groups, and they have different permissions. Suppose they are as below.

Super Admin - John
Engineer Admin - Jane, Jack, 
Engineer - Peter, Sam, 
Quality Assurance - Bill, Steve, Rose

Now, I want these QA guys to have the ability to create a ticket. That can be done with permissions. But when they create the ticket, I want to limit their privileges to whom they can assign it. That means, They should only be able to assign the ticket to Jane or Jack (or say the Engineer admin Group). Then Jane/Jack will assign it to any Engineer Guy..

That's how I want to manage the flow. But I have no idea how to do this..I searched and found some plugins, but they all are different from what I want.

Can anybody guide me with what to do?

Thanks in advance. Please feel free to ask anything if I'm not clear enough.

Solution

  • It should be possible to do this with Trac, no plugins needed, but you'll need to enable some Components that aren't enabled by default. Hopefully you are using a recent version, preferably Trac 1.0.2.

    Enable extra-permissions-provider:

    [components]
tracopt.perm.config_perm_provider.extrapermissionsprovider = enabled

    Create a special permission for the QA group to assign tickets, and for all other users to assign tickets:

    [extra-permissions]
_perms = TICKET_ASSIGN_QA, TICKET_ASSIGN

    Grant TICKET_ASSIGN_QA to the QA group. Create a special workflow action for the QA group:

    [ticket-workflow]
qa_reassign = new -> assigned
qa_reassign.name = assign
qa_reassign.operations = set_owner
qa_reassign.set_owner = Jack, Jane
qa_reassign.permission = TICKET_ASSIGN_QA

    If you're using the default workflow, for the reassign operation you'll need to specify a permission attribute in the ticket workflow, requiring a permission that the QA group doesn't possess so that they don't see that workflow action. The following also goes in the [ticket-workflow] section.

    reassign.permission = TICKET_ASSIGN

    This configuration looks tricky, so feel free to follow up if you need more tips.