Changes between Version 2 and Version 3 of TracPermissions


Ignore:
Timestamp:
12/24/20 10:50:35 (4 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • TracPermissions

    v2 v3  
    1313== Graphical Admin Tab
    1414
    15 To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command with a more detailed description [#GrantingPrivileges below]:
     15To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below):
    1616{{{#!sh
    1717$ trac-admin /path/to/projenv permission add bob TRAC_ADMIN
     
    3030== Available Privileges
    3131
    32 To enable all privileges for a user, use the `TRAC_ADMIN` permission. This permission is like being `root` on a *NIX system: it will allow you to perform any operation.
    33 
    34 Otherwise, individual privileges can be assigned to users for the different functional areas of Trac and '''note that the privilege names are uppercase''':
     32To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system: it will allow you to perform any operation.
     33
     34Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac ('''note that the privilege names are case-sensitive'''):
    3535
    3636=== Repository Browser
     
    5252|| `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. ||
    5353|| `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets ||
    54 || `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user and it will appear that another user created the ticket. It also allows managing ticket properties through the web administration module. ||
     54|| `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user (it will appear that another user created the ticket). It also allows managing ticket properties through the web administration module. ||
    5555
    5656=== Roadmap
     
    108108}}}
    109109
    110 An authenticated user can delete an attachment //they added// without possessing the permission
    111 that grants `ATTACHMENT_DELETE`.
    112 
    113110If explicit attachment permissions are preferred, `ATTACHMENT_CREATE`, `ATTACHMENT_DELETE` and `ATTACHMENT_VIEW` can be created using the [trac:ExtraPermissionsProvider]. The simplest implementation is to simply define the actions.
    114111{{{#!ini
     
    153150Any user who has logged in is also in the //authenticated// group.
    154151The //authenticated// group inherits permissions from the //anonymous// group.
    155 For example, if the //anonymous// group has permission WIKI_MODIFY, it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well.
     152For example, if the //anonymous// group has permission WIKI_MODIFY,
     153it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well.
    156154
    157155Custom groups may be defined that inherit permissions from the two built-in groups.
     
    171169Permission groups can be created by assigning a user to a group you wish to create, then assign permissions to that group.
    172170
    173 The following will add ''bob'' to the new group called ''beta_testers'' and then will assign `WIKI_ADMIN` permissions to that group. Thus, ''bob'' will inherit the `WIKI_ADMIN` permission.
     171The following will add ''bob'' to the new group called ''beta_testers'' and then will assign WIKI_ADMIN permissions to that group. (Thus, ''bob'' will inherit the WIKI_ADMIN permission)
    174172{{{#!sh
    175173$ trac-admin /path/to/projenv permission add bob beta_testers
     
    179177== Removing Permissions
    180178
    181 Permissions can be removed using the 'remove' command.
     179Permissions can be removed using the 'remove' command. For example:
    182180
    183181This command will prevent the user ''bob'' from deleting reports:
     
    209207//**anonymous**//
    210208{{{
    211 BROWSER_VIEW
    212 CHANGESET_VIEW
    213 FILE_VIEW
    214 LOG_VIEW
    215 MILESTONE_VIEW
    216 REPORT_SQL_VIEW
    217 REPORT_VIEW
    218 ROADMAP_VIEW
    219 SEARCH_VIEW
    220 TICKET_VIEW
     209BROWSER_VIEW 
     210CHANGESET_VIEW 
     211FILE_VIEW 
     212LOG_VIEW 
     213MILESTONE_VIEW 
     214REPORT_SQL_VIEW 
     215REPORT_VIEW 
     216ROADMAP_VIEW 
     217SEARCH_VIEW 
     218TICKET_VIEW 
    221219TIMELINE_VIEW
    222220WIKI_VIEW
     
    225223//**authenticated**//
    226224{{{
    227 TICKET_CREATE
    228 TICKET_MODIFY
    229 WIKI_CREATE
    230 WIKI_MODIFY
     225TICKET_CREATE 
     226TICKET_MODIFY 
     227WIKI_CREATE 
     228WIKI_MODIFY 
    231229}}}
    232230----