bloodhound-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olemis Lang <ole...@gmail.com>
Subject Re: Real product separation
Date Tue, 01 Oct 2013 21:40:04 GMT
On 9/26/13, Tomasz Lempart <tlempart@gmail.com> wrote:
> Hello bloodhound team,
>

Hi !

Below I'll mention the results I've got running 0.7 , which seems to
match your deployment (... isn't it ?) . I'll always write URLs
relative to the environment base URL

[...]
>
> For example I have user U and products P1 and P2.

Products p1 and p2 created . User bhtest registered

{{{#!sh

$ trac-admin /path/to/env/
Welcome to trac-admin 1.0.1
Interactive Trac administration console.
Copyright (C) 2003-2013 Edgewall Software

Type:  '?' or 'help' for help on commands.

Trac [/path/to/env]> product list

Prefix  Owner  Name
------------------------
test           Default
p1      admin  Product 1
p2      admin  Product 2


}}}

> When I add permission
> TICKET_CREATE for user U in product P1 and not in (Global Settings)

User bhtest granted with TICKET_CREATE permission in product p1 ,
which is in turn revoked in global scope

{{{#!sh

Trac [/path/to/env]> permission list

User           Action
------------------------------
admin          TRAC_ADMIN
anonymous      BROWSER_VIEW
anonymous      CHANGESET_VIEW
anonymous      FILE_VIEW
anonymous      LOG_VIEW
anonymous      MILESTONE_VIEW
anonymous      PRODUCT_VIEW
anonymous      REPORT_SQL_VIEW
anonymous      REPORT_VIEW
anonymous      ROADMAP_VIEW
anonymous      SEARCH_VIEW
anonymous      TICKET_VIEW
anonymous      TIMELINE_VIEW
anonymous      WIKI_VIEW
authenticated  PRODUCT_VIEW
authenticated  TICKET_MODIFY
authenticated  WIKI_CREATE
authenticated  WIKI_MODIFY


Available actions:
 ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
 CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
 LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
 MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
 PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
 PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
 REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
 SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
 TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
 TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
 TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
 WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW

Trac [/path/to/env]> product admin p1 permission list

User           Action
------------------------------
anonymous      BROWSER_VIEW
anonymous      CHANGESET_VIEW
anonymous      FILE_VIEW
anonymous      LOG_VIEW
anonymous      MILESTONE_VIEW
anonymous      REPORT_SQL_VIEW
anonymous      REPORT_VIEW
anonymous      ROADMAP_VIEW
anonymous      SEARCH_VIEW
anonymous      TICKET_VIEW
anonymous      TIMELINE_VIEW
anonymous      WIKI_VIEW
authenticated  TICKET_CREATE
authenticated  TICKET_MODIFY
authenticated  WIKI_CREATE
authenticated  WIKI_MODIFY


Available actions:
 ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
 CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
 LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
 MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
 PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
 PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
 REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
 SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
 TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
 TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
 TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
 WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW

Trac [/path/to/env]> product admin p2 permission list

User           Action
------------------------------
anonymous      BROWSER_VIEW
anonymous      CHANGESET_VIEW
anonymous      FILE_VIEW
anonymous      LOG_VIEW
anonymous      MILESTONE_VIEW
anonymous      REPORT_SQL_VIEW
anonymous      REPORT_VIEW
anonymous      ROADMAP_VIEW
anonymous      SEARCH_VIEW
anonymous      TICKET_VIEW
anonymous      TIMELINE_VIEW
anonymous      WIKI_VIEW
authenticated  TICKET_CREATE
authenticated  TICKET_MODIFY
authenticated  WIKI_CREATE
authenticated  WIKI_MODIFY


Available actions:
 ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
 CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
 LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
 MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
 PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
 PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
 REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
 SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
 TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
 TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
 TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
 WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW

}}}

> then
> P1 cannot add new ticket, beacuse Bloodhound show messages:
>
> "TICKET_CREATE privileges are required to perform this operation. You
> don't have the required permissions Please contact your administrator or
> team leader to request these."
>

After bhtest login

1. In /
    * QCT is not visible
2. In /products/p1
    * QCT is visible
    * both p1 and p2 available in product drop down
    * new ticket submissions are ok
3. In /products/p2
    * QCT is visible
    * both p1 and p2 available in product drop down
    * new ticket submissions are ok

> If I add permission TICKET_CREATE also in (Global Settings), then user U
> can see both products in create ticket popup and can create tickets for
> both products.

After adding permissions to bhtest user

{{{#!sh

Trac [/path/to/env]> permission add bhtest TICKET_CREATE
Trac [/path/to/env]> permission list

User           Action
------------------------------
admin          TRAC_ADMIN
anonymous      BROWSER_VIEW
anonymous      CHANGESET_VIEW
anonymous      FILE_VIEW
anonymous      LOG_VIEW
anonymous      MILESTONE_VIEW
anonymous      PRODUCT_VIEW
anonymous      REPORT_SQL_VIEW
anonymous      REPORT_VIEW
anonymous      ROADMAP_VIEW
anonymous      SEARCH_VIEW
anonymous      TICKET_VIEW
anonymous      TIMELINE_VIEW
anonymous      WIKI_VIEW
authenticated  PRODUCT_VIEW
authenticated  TICKET_MODIFY
authenticated  WIKI_CREATE
authenticated  WIKI_MODIFY
bhtest         TICKET_CREATE


Available actions:
 ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
 CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
 LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
 MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
 PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
 PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
 REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
 SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
 TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
 TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
 TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
 WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW

}}}

1. In /
    * QCT is visible
    * both p1 and p2 available in product drop down
    * new ticket submissions are ok
2. In /products/p1
    * QCT is visible
    * both p1 and p2 available in product drop down
    * new ticket submissions are ok
3. In /products/p2
    * QCT is visible
    * both p1 and p2 available in product drop down
    * new ticket submissions are ok

AFAICT all this is expected behavior , cmiiw

-- 
Regards,

Olemis - @olemislc

Mime
View raw message