[theme-reviewers] Rogue Trac Users
Otto
otto at ottodestruct.com
Thu Sep 2 20:47:48 UTC 2010
On Thu, Sep 2, 2010 at 3:04 PM, Chip Bennett <chip at chipbennett.net> wrote:
> 1) Trac users cannot assign themselves their own tickets (this should be
> enforceable through Trac, hopefully once Otto fixes associating tickets with
> actual Trac usernames, rather than "themetracbot")
This turns out to be trickier than it seemed at first. So, it might
take me a while, don't expect quick turnaround.
Expect me to make a test ticket or two when trying this out. Just ignore them.
> 2) keywords can only be modified by admins (we don't need to be modifying
> these ourselves anyway, do we?)
Trac considers priority, assignment, keywords, etc to all be part of
the same set of permissions. Exceptions: description field and cc
field have their own permissions.
Only way I can think of preventing this problem is to define who is a
reviewer. This can be done, but it requires management by an admin to
add/remove permissions from users (actually, you can use a reviewer
group mechanism, but you still have to be an admin to do it).
If you want to create a reviewers group and remove the ability of
normal users to resolve tickets (reserving that to the reviewers
group), well then that's something ya'll have to decide.
You can see the full list of trac permissions and how they work here:
http://trac.edgewall.org/wiki/TracPermissions
-Otto
More information about the theme-reviewers
mailing list