bloodhound-user mailing list archives

From: Tomasz Lempart <tlemp...@gmail.com>
Subject: Re: Real product separation
Date: Wed, 02 Oct 2013 13:43:46 GMT

Hi,

thank you for taking the time to check this, but my case is different.
My original question was: "Is there a possibility to configure Bloodhound
in such a way that one user can create and see issues only for one
product?". In your case bhtest sees both products.

For the following configuration, user bhtest cannot create a ticket
because of lacking permissions.

Trac [/opt/bloodhound/bloodhound]> permission list

User    Action
----------------------
bhtest      WIKI_VIEW
tlempart    TRAC_ADMIN

Trac [/opt/bloodhound/bloodhound]> product admin p1 permission list

User    Action
-------------------------
bhtest      TICKET_CREATE

Trac [/opt/bloodhound/bloodhound]> product admin p2 permission list

User    Action
-----------------

If I add permission for global settings:

Trac [/opt/bloodhound/bloodhound]> permission add bhtest TICKET_CREATE

Trac [/opt/bloodhound/bloodhound]> permission list

User    Action
-------------------------
bhtest      TICKET_CREATE
bhtest      WIKI_VIEW
tlempart    TRAC_ADMIN

then user bhtest can create tickets for both products, which IMHO is wrong.

I use the latest version of BloodHound 0.7.

> On 9/26/13, Tomasz Lempart <tlempart@gmail.com> wrote:
>> Hello bloodhound team,
>>
> Hi !
>
> Below I'll mention the results I've got running 0.7 , which seems to
> match your deployment (... isn't it ?) . I'll always write URLs
> relative to the environment base URL
>
> [...]
>> For example I have user U and products P1 and P2.
> Products p1 and p2 created . User bhtest registered
>
> {{{#!sh
>
> $ trac-admin /path/to/env/
> Welcome to trac-admin 1.0.1
> Interactive Trac administration console.
> Copyright (C) 2003-2013 Edgewall Software
>
> Type:  '?' or 'help' for help on commands.
>
> Trac [/path/to/env]> product list
>
> Prefix  Owner  Name
> ------------------------
> test           Default
> p1      admin  Product 1
> p2      admin  Product 2
>
>
> }}}
>
>> When I add permission
>> TICKET_CREATE for user U in product P1 and not in (Global Settings)
> User bhtest granted with TICKET_CREATE permission in product p1 ,
> which is in turn revoked in global scope
>
> {{{#!sh
>
> Trac [/path/to/env]> permission list
>
> User           Action
> ------------------------------
> admin          TRAC_ADMIN
> anonymous      BROWSER_VIEW
> anonymous      CHANGESET_VIEW
> anonymous      FILE_VIEW
> anonymous      LOG_VIEW
> anonymous      MILESTONE_VIEW
> anonymous      PRODUCT_VIEW
> anonymous      REPORT_SQL_VIEW
> anonymous      REPORT_VIEW
> anonymous      ROADMAP_VIEW
> anonymous      SEARCH_VIEW
> anonymous      TICKET_VIEW
> anonymous      TIMELINE_VIEW
> anonymous      WIKI_VIEW
> authenticated  PRODUCT_VIEW
> authenticated  TICKET_MODIFY
> authenticated  WIKI_CREATE
> authenticated  WIKI_MODIFY
>
>
> Available actions:
>   ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
>   CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
>   LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
>   MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
>   PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
>   PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
>   REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
>   SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
>   TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
>   TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
>   TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
>   WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> Trac [/path/to/env]> product admin p1 permission list
>
> User           Action
> ------------------------------
> anonymous      BROWSER_VIEW
> anonymous      CHANGESET_VIEW
> anonymous      FILE_VIEW
> anonymous      LOG_VIEW
> anonymous      MILESTONE_VIEW
> anonymous      REPORT_SQL_VIEW
> anonymous      REPORT_VIEW
> anonymous      ROADMAP_VIEW
> anonymous      SEARCH_VIEW
> anonymous      TICKET_VIEW
> anonymous      TIMELINE_VIEW
> anonymous      WIKI_VIEW
> authenticated  TICKET_CREATE
> authenticated  TICKET_MODIFY
> authenticated  WIKI_CREATE
> authenticated  WIKI_MODIFY
>
>
> Available actions:
>   ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
>   CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
>   LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
>   MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
>   PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
>   PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
>   REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
>   SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
>   TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
>   TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
>   TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
>   WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> Trac [/path/to/env]> product admin p2 permission list
>
> User           Action
> ------------------------------
> anonymous      BROWSER_VIEW
> anonymous      CHANGESET_VIEW
> anonymous      FILE_VIEW
> anonymous      LOG_VIEW
> anonymous      MILESTONE_VIEW
> anonymous      REPORT_SQL_VIEW
> anonymous      REPORT_VIEW
> anonymous      ROADMAP_VIEW
> anonymous      SEARCH_VIEW
> anonymous      TICKET_VIEW
> anonymous      TIMELINE_VIEW
> anonymous      WIKI_VIEW
> authenticated  TICKET_CREATE
> authenticated  TICKET_MODIFY
> authenticated  WIKI_CREATE
> authenticated  WIKI_MODIFY
>
>
> Available actions:
>   ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
>   CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
>   LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
>   MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
>   PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
>   PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
>   REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
>   SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
>   TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
>   TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
>   TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
>   WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> }}}
>
>> then
>> P1 cannot add new ticket, because Bloodhound shows the message:
>>
>> "TICKET_CREATE privileges are required to perform this operation. You
>> don't have the required permissions Please contact your administrator or
>> team leader to request these."
>>
> After bhtest login
>
> 1. In /
>      * QCT is not visible
> 2. In /products/p1
>      * QCT is visible
>      * both p1 and p2 available in product drop down
>      * new ticket submissions are ok
> 3. In /products/p2
>      * QCT is visible
>      * both p1 and p2 available in product drop down
>      * new ticket submissions are ok
>
>> If I add permission TICKET_CREATE also in (Global Settings), then user U
>> can see both products in create ticket popup and can create tickets for
>> both products.
> After adding permissions to bhtest user
>
> {{{#!sh
>
> Trac [/path/to/env]> permission add bhtest TICKET_CREATE
> Trac [/path/to/env]> permission list
>
> User           Action
> ------------------------------
> admin          TRAC_ADMIN
> anonymous      BROWSER_VIEW
> anonymous      CHANGESET_VIEW
> anonymous      FILE_VIEW
> anonymous      LOG_VIEW
> anonymous      MILESTONE_VIEW
> anonymous      PRODUCT_VIEW
> anonymous      REPORT_SQL_VIEW
> anonymous      REPORT_VIEW
> anonymous      ROADMAP_VIEW
> anonymous      SEARCH_VIEW
> anonymous      TICKET_VIEW
> anonymous      TIMELINE_VIEW
> anonymous      WIKI_VIEW
> authenticated  PRODUCT_VIEW
> authenticated  TICKET_MODIFY
> authenticated  WIKI_CREATE
> authenticated  WIKI_MODIFY
> bhtest         TICKET_CREATE
>
>
> Available actions:
>   ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
>   CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
>   LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
>   MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
>   PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
>   PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
>   REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
>   SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
>   TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
>   TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
>   TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
>   WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> }}}
>
> 1. In /
>      * QCT is visible
>      * both p1 and p2 available in product drop down
>      * new ticket submissions are ok
> 2. In /products/p1
>      * QCT is visible
>      * both p1 and p2 available in product drop down
>      * new ticket submissions are ok
> 3. In /products/p2
>      * QCT is visible
>      * both p1 and p2 available in product drop down
>      * new ticket submissions are ok
>
> AFAICT all this is expected behavior , cmiiw
>
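
Added example, not part of either message and not Bloodhound code: a small audit helper that parses `permission list` output captured per scope and reports which grant rows give a user an action in each scope. The sample listings are constructed and trimmed from the ones quoted in this thread, the function names are hypothetical, and the script only reads each scope on its own; it does not model how Bloodhound combines global and product scopes.

```python
import re

# Constructed sample: trimmed `permission list` output, one table per scope,
# modelled on the listings quoted in this thread (not a real capture).
SCOPES = {
    "global": """User           Action
------------------------------
admin          TRAC_ADMIN
anonymous      TICKET_VIEW
authenticated  TICKET_MODIFY
bhtest         WIKI_VIEW
""",
    "p1": """User           Action
------------------------------
anonymous      TICKET_VIEW
authenticated  TICKET_CREATE
bhtest         TICKET_CREATE
""",
    "p2": """User           Action
------------------------------
anonymous      TICKET_VIEW
authenticated  TICKET_CREATE
""",
}

# A grant row is "<subject> <ACTION>"; headers, rulers, prompts and the
# comma-separated "Available actions" lines do not match.
ROW = re.compile(r"^([^\s,]+)\s+([A-Z][A-Z_]+)$")

def parse_listing(text):
    """Return {subject: {actions}} for one `permission list` table."""
    grants = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            grants.setdefault(m.group(1), set()).add(m.group(2))
    return grants

def holders(action, user, logged_in=True, scopes=SCOPES):
    """Per scope, the subjects whose grant rows give `user` the action."""
    # Trac built-in groups: every user inherits 'anonymous'; logged-in users
    # also inherit 'authenticated'. Custom groups are not modelled here.
    subjects = {user, "anonymous"} | ({"authenticated"} if logged_in else set())
    result = {}
    for scope, text in scopes.items():
        grants = parse_listing(text)
        # TRAC_ADMIN implies every other action.
        result[scope] = sorted(s for s in subjects
                               if grants.get(s, set()) & {action, "TRAC_ADMIN"})
    return result
```

Running `holders("TICKET_CREATE", "bhtest")` on a real capture shows at a glance whether a product-level grant to `authenticated` or `anonymous` is what exposes an action in a product where the user has no grant of their own.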

