You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@bloodhound.apache.org by Tomasz Lempart <tl...@gmail.com> on 2013/09/26 08:10:56 UTC
Real product separation
Hello bloodhound team,
multiproduct functionality for trac is that what I waited a long
time. Is there possibility to configure bloodhound in such way, that one
user can create and see issues only for one product?
For example I have user U and products P1 and P2. When I add permission
TICKET_CREATE for user U in product P1 and not in (Global Settings) then
P1 cannot add new ticket, beacuse Bloodhound show messages:
"TICKET_CREATE privileges are required to perform this operation. You
don't have the required permissions Please contact your administrator or
team leader to request these."
If I add permission TICKET_CREATE also in (Global Settings), then user U
can see both products in create ticket popup and can create tickets for
both products.
Best regards
Tomasz Lempart
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 9/26/13, Tomasz Lempart <tl...@gmail.com> wrote:
> Hello bloodhound team,
>
Hi !
> multiproduct functionality for trac is that what I waited a long
> time.
:)
> Is there possibility to configure bloodhound in such way, that one
> user can create and see issues only for one product?
>
AFAICT , yes .
> For example I have user U and products P1 and P2.
Users are global .
> When I add permission
> TICKET_CREATE for user U in product P1 and not in (Global Settings) then
> P1 cannot add new ticket, beacuse Bloodhound show messages:
>
> "TICKET_CREATE privileges are required to perform this operation. You
> don't have the required permissions Please contact your administrator or
> team leader to request these."
>
> If I add permission TICKET_CREATE also in (Global Settings), then user U
> can see both products in create ticket popup and can create tickets for
> both products.
>
hmmm ... I'll take a look into this . this might be an issue .
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Tomasz Lempart <tl...@gmail.com>.
> On 9/26/13, Tomasz Lempart <tl...@gmail.com> wrote:
>> Hello bloodhound team,
>>
> Hi !
>
>> multiproduct functionality for trac is that what I waited a long
>> time.
> :)
>
>> Is there possibility to configure bloodhound in such way, that one
>> user can create and see issues only for one product?
>>
> AFAICT , yes .
>
>> For example I have user U and products P1 and P2.
> Users are global .
>
>> When I add permission
>> TICKET_CREATE for user U in product P1 and not in (Global Settings) then
>> P1 cannot add new ticket, beacuse Bloodhound show messages:
>>
>> "TICKET_CREATE privileges are required to perform this operation. You
>> don't have the required permissions Please contact your administrator or
>> team leader to request these."
>>
>> If I add permission TICKET_CREATE also in (Global Settings), then user U
>> can see both products in create ticket popup and can create tickets for
>> both products.
>>
> hmmm ... I'll take a look into this . this might be an issue .
>
Thanks, for now this is the only thing that stops me before using of
bloodhound in production.
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 9/26/13, Tomasz Lempart <tl...@gmail.com> wrote:
> Hello bloodhound team,
>
Hi !
> multiproduct functionality for trac is that what I waited a long
> time.
:)
> Is there possibility to configure bloodhound in such way, that one
> user can create and see issues only for one product?
>
AFAICT , yes .
> For example I have user U and products P1 and P2.
Users are global .
> When I add permission
> TICKET_CREATE for user U in product P1 and not in (Global Settings) then
> P1 cannot add new ticket, beacuse Bloodhound show messages:
>
> "TICKET_CREATE privileges are required to perform this operation. You
> don't have the required permissions Please contact your administrator or
> team leader to request these."
>
> If I add permission TICKET_CREATE also in (Global Settings), then user U
> can see both products in create ticket popup and can create tickets for
> both products.
>
hmmm ... I'll take a look into this . this might be an issue .
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Joachim Dreimann <jo...@wandisco.com>.
Interesting.. I've not had time to test this yet but I'm forwarding this to
the dev@ mailing list for better visibility.
- Joe
On 26 September 2013 07:10, Tomasz Lempart <tl...@gmail.com> wrote:
> Hello bloodhound team,
>
> multiproduct functionality for trac is that what I waited a long time.
> Is there possibility to configure bloodhound in such way, that one user can
> create and see issues only for one product?
>
> For example I have user U and products P1 and P2. When I add permission
> TICKET_CREATE for user U in product P1 and not in (Global Settings) then P1
> cannot add new ticket, beacuse Bloodhound show messages:
>
> "TICKET_CREATE privileges are required to perform this operation. You
> don't have the required permissions Please contact your administrator or
> team leader to request these."
>
> If I add permission TICKET_CREATE also in (Global Settings), then user U
> can see both products in create ticket popup and can create tickets for
> both products.
>
> Best regards
> Tomasz Lempart
>
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 10/4/13, Tomasz Lempart <tl...@gmail.com> wrote:
> W dniu 03.10.2013 08:16, Olemis Lang pisze:
>> On 10/2/13, Tomasz Lempart <tl...@gmail.com> wrote:
>>> Hi,
>>>
>> :)
>>
>>> thank you for taking the time to check this, but my case is different.
>>> My original question was: "Is there possibility to configure bloodhound
>>> in such way, that one user can create and see issues only for one
>>> product?". In your case bhtest see both products.
>>>
>> I see your point now . You want to restrict the items in QCT product
>> list to only include the products satisfying that PRODUCT_VIEW &
>> TICKET_CREATE perms granted to the logged in user ... isn't it ?
>>
>> [...]
>>
> It is true. Further I want that user can see/create tickets for one
> product, i.e. p1 and should nothing know about product p2 inclusive
> issues created for p2.
>
Considering your sample permissions matrix bhtest user will not be
able to see any tickets at all in any context because of lacking
TICKET_VIEW .
Could you please confirm and/or provide further detailed conditions to
check so that I can add new assertions in test cases for #388 ? (...
and fix any inconsistences I might find along the way ...)
TIA
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 10/4/13, Tomasz Lempart <tl...@gmail.com> wrote:
> W dniu 03.10.2013 08:16, Olemis Lang pisze:
>> On 10/2/13, Tomasz Lempart <tl...@gmail.com> wrote:
>>> Hi,
>>>
>> :)
>>
>>> thank you for taking the time to check this, but my case is different.
>>> My original question was: "Is there possibility to configure bloodhound
>>> in such way, that one user can create and see issues only for one
>>> product?". In your case bhtest see both products.
>>>
>> I see your point now . You want to restrict the items in QCT product
>> list to only include the products satisfying that PRODUCT_VIEW &
>> TICKET_CREATE perms granted to the logged in user ... isn't it ?
>>
>> [...]
>>
> It is true. Further I want that user can see/create tickets for one
> product, i.e. p1 and should nothing know about product p2 inclusive
> issues created for p2.
>
I'll track work on this in #388 [1]_ . I'd appreciate to receive
further feedback as I make progress .
TIA
.. [1] https://issues.apache.org/bloodhound/ticket/388
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Tomasz Lempart <tl...@gmail.com>.
W dniu 03.10.2013 08:16, Olemis Lang pisze:
> On 10/2/13, Tomasz Lempart <tl...@gmail.com> wrote:
>> Hi,
>>
> :)
>
>> thank you for taking the time to check this, but my case is different.
>> My original question was: "Is there possibility to configure bloodhound
>> in such way, that one user can create and see issues only for one
>> product?". In your case bhtest see both products.
>>
> I see your point now . You want to restrict the items in QCT product
> list to only include the products satisfying that PRODUCT_VIEW &
> TICKET_CREATE perms granted to the logged in user ... isn't it ?
>
> [...]
>
It is true. Further I want that user can see/create tickets for one
product, i.e. p1 and should nothing know about product p2 inclusive
issues created for p2.
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 10/2/13, Tomasz Lempart <tl...@gmail.com> wrote:
> Hi,
>
:)
> thank you for taking the time to check this, but my case is different.
> My original question was: "Is there possibility to configure bloodhound
> in such way, that one user can create and see issues only for one
> product?". In your case bhtest see both products.
>
I see your point now . You want to restrict the items in QCT product
list to only include the products satisfying that PRODUCT_VIEW &
TICKET_CREATE perms granted to the logged in user ... isn't it ?
[...]
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 10/2/13, Tomasz Lempart <tl...@gmail.com> wrote:
> Hi,
>
[...]
I have added patches for #388 and wanted to share with you the aim of
modifications looking for feedback to know whether the results are on
the right track .
I apologize for the delay , but I had to enhance and include a few
features in test code so as to be able to automate verifications of
expected results .
>
> For the following configuration user bhtest can not create ticket,
> because of lacking permissions.
>
> Trac [/opt/bloodhound/bloodhound]> permission list
>
> User Action
> ----------------------
> bhtest WIKI_VIEW
> tlempart TRAC_ADMIN
>
Up to this point this is what is expected to happen for user bhtest in
global scope
1. Wiki pages will be displayed
2. QCT will be shown , but ...
3. inline new ticket form will not be displayed ...
4. ... but a warning message instead (no TICKET_CREATE ...)
> Trac [/opt/bloodhound/bloodhound]> product admin p1 permission list
>
> User Action
> -------------------------
> bhtest TICKET_CREATE
>
... in product p1 scope :
5. Wiki pages will not be displayed
6. QCT will not be shown in wiki page (because of the error) ...
7. ... but will be rendered in p1' s /newticket form
8. ... and inline new ticket form will be fully functional
9. ... and product combo box will include p1 but not p2
> Trac [/opt/bloodhound/bloodhound]> product admin p2 permission list
>
> User Action
> -----------------
>
In product p2 :
10. Wiki pages will not be displayed
11. QCT will not be shown in wiki page (because of the error) ...
12. ... access to p2' s /newticket form will be forbidden
13. ... hence QCT will not be shown in that page either ...
> If I add permission for global settings:
>
> Trac [/opt/bloodhound/bloodhound]> permission add bhtest TICKET_CREATE
>
> Trac [/opt/bloodhound/bloodhound]> permission list
>
> User Action
> -------------------------
> bhtest TICKET_CREATE
> bhtest WIKI_VIEW
> tlempart TRAC_ADMIN
>
> than user bhtest can create ticket for both products, what IMHO is wrong.
>
after doing so
... in product p1 scope :
14. Wiki pages will be displayed
15. QCT will be shown ...
17. ... and inline new ticket form will be fully functional
18. ... and product combo box will include p1 but not p2
... and all other conditions above for p1 and p2 remain unchanged .
> I use the latest version of BloodHound 0.7.
>
jftr, this has been developed against /trunk and should be released in
forthcoming 0.8
Is this ok ?
[...]
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 10/2/13, Tomasz Lempart <tl...@gmail.com> wrote:
> Hi,
>
[...]
I have added patches for #388 and wanted to share with you the aim of
modifications looking for feedback to know whether the results are on
the right track .
I apologize for the delay , but I had to enhance and include a few
features in test code so as to be able to automate verifications of
expected results .
>
> For the following configuration user bhtest can not create ticket,
> because of lacking permissions.
>
> Trac [/opt/bloodhound/bloodhound]> permission list
>
> User Action
> ----------------------
> bhtest WIKI_VIEW
> tlempart TRAC_ADMIN
>
Up to this point this is what is expected to happen for user bhtest in
global scope
1. Wiki pages will be displayed
2. QCT will be shown , but ...
3. inline new ticket form will not be displayed ...
4. ... but a warning message instead (no TICKET_CREATE ...)
> Trac [/opt/bloodhound/bloodhound]> product admin p1 permission list
>
> User Action
> -------------------------
> bhtest TICKET_CREATE
>
... in product p1 scope :
5. Wiki pages will not be displayed
6. QCT will not be shown in wiki page (because of the error) ...
7. ... but will be rendered in p1' s /newticket form
8. ... and inline new ticket form will be fully functional
9. ... and product combo box will include p1 but not p2
> Trac [/opt/bloodhound/bloodhound]> product admin p2 permission list
>
> User Action
> -----------------
>
In product p2 :
10. Wiki pages will not be displayed
11. QCT will not be shown in wiki page (because of the error) ...
12. ... access to p2' s /newticket form will be forbidden
13. ... hence QCT will not be shown in that page either ...
> If I add permission for global settings:
>
> Trac [/opt/bloodhound/bloodhound]> permission add bhtest TICKET_CREATE
>
> Trac [/opt/bloodhound/bloodhound]> permission list
>
> User Action
> -------------------------
> bhtest TICKET_CREATE
> bhtest WIKI_VIEW
> tlempart TRAC_ADMIN
>
> than user bhtest can create ticket for both products, what IMHO is wrong.
>
after doing so
... in **global** scope :
14. Wiki pages will be displayed
15. QCT will be shown ...
17. ... and inline new ticket form will be fully functional
18. ... and product combo box will include p1 but not p2
... and all other conditions above for p1 and p2 remain unchanged .
> I use the latest version of BloodHound 0.7.
>
jftr, this has been developed against /trunk and should be released in
forthcoming 0.8
Is this ok ?
[...]
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Tomasz Lempart <tl...@gmail.com>.
Hi,
thank you for taking the time to check this, but my case is different.
My original question was: "Is there possibility to configure bloodhound
in such way, that one user can create and see issues only for one
product?". In your case bhtest see both products.
For the following configuration user bhtest can not create ticket,
because of lacking permissions.
Trac [/opt/bloodhound/bloodhound]> permission list
User Action
----------------------
bhtest WIKI_VIEW
tlempart TRAC_ADMIN
Trac [/opt/bloodhound/bloodhound]> product admin p1 permission list
User Action
-------------------------
bhtest TICKET_CREATE
Trac [/opt/bloodhound/bloodhound]> product admin p2 permission list
User Action
-----------------
If I add permission for global settings:
Trac [/opt/bloodhound/bloodhound]> permission add bhtest TICKET_CREATE
Trac [/opt/bloodhound/bloodhound]> permission list
User Action
-------------------------
bhtest TICKET_CREATE
bhtest WIKI_VIEW
tlempart TRAC_ADMIN
than user bhtest can create ticket for both products, what IMHO is wrong.
I use the latest version of BloodHound 0.7.
> On 9/26/13, Tomasz Lempart <tl...@gmail.com> wrote:
>> Hello bloodhound team,
>>
> Hi !
>
> Below I'll mention the results I've got running 0.7 , which seems to
> match your deployment (... isn't it ?) . I'll always write URLs
> relative to the environment base URL
>
> [...]
>> For example I have user U and products P1 and P2.
> Products p1 and p2 created . User bhtest registered
>
> {{{#!sh
>
> $ trac-admin /path/to/env/
> Welcome to trac-admin 1.0.1
> Interactive Trac administration console.
> Copyright (C) 2003-2013 Edgewall Software
>
> Type: '?' or 'help' for help on commands.
>
> Trac [/path/to/env]> product list
>
> Prefix Owner Name
> ------------------------
> test Default
> p1 admin Product 1
> p2 admin Product 2
>
>
> }}}
>
>> When I add permission
>> TICKET_CREATE for user U in product P1 and not in (Global Settings)
> User bhtest granted with TICKET_CREATE permission in product p1 ,
> which is in turn revoked in global scope
>
> {{{#!sh
>
> Trac [/path/to/env]> permission list
>
> User Action
> ------------------------------
> admin TRAC_ADMIN
> anonymous BROWSER_VIEW
> anonymous CHANGESET_VIEW
> anonymous FILE_VIEW
> anonymous LOG_VIEW
> anonymous MILESTONE_VIEW
> anonymous PRODUCT_VIEW
> anonymous REPORT_SQL_VIEW
> anonymous REPORT_VIEW
> anonymous ROADMAP_VIEW
> anonymous SEARCH_VIEW
> anonymous TICKET_VIEW
> anonymous TIMELINE_VIEW
> anonymous WIKI_VIEW
> authenticated PRODUCT_VIEW
> authenticated TICKET_MODIFY
> authenticated WIKI_CREATE
> authenticated WIKI_MODIFY
>
>
> Available actions:
> ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
> CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
> LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
> MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
> PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
> PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
> REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
> SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
> TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
> TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
> TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
> WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> Trac [/path/to/env]> product admin p1 permission list
>
> User Action
> ------------------------------
> anonymous BROWSER_VIEW
> anonymous CHANGESET_VIEW
> anonymous FILE_VIEW
> anonymous LOG_VIEW
> anonymous MILESTONE_VIEW
> anonymous REPORT_SQL_VIEW
> anonymous REPORT_VIEW
> anonymous ROADMAP_VIEW
> anonymous SEARCH_VIEW
> anonymous TICKET_VIEW
> anonymous TIMELINE_VIEW
> anonymous WIKI_VIEW
> authenticated TICKET_CREATE
> authenticated TICKET_MODIFY
> authenticated WIKI_CREATE
> authenticated WIKI_MODIFY
>
>
> Available actions:
> ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
> CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
> LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
> MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
> PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
> PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
> REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
> SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
> TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
> TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
> TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
> WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> Trac [/path/to/env]> product admin p2 permission list
>
> User Action
> ------------------------------
> anonymous BROWSER_VIEW
> anonymous CHANGESET_VIEW
> anonymous FILE_VIEW
> anonymous LOG_VIEW
> anonymous MILESTONE_VIEW
> anonymous REPORT_SQL_VIEW
> anonymous REPORT_VIEW
> anonymous ROADMAP_VIEW
> anonymous SEARCH_VIEW
> anonymous TICKET_VIEW
> anonymous TIMELINE_VIEW
> anonymous WIKI_VIEW
> authenticated TICKET_CREATE
> authenticated TICKET_MODIFY
> authenticated WIKI_CREATE
> authenticated WIKI_MODIFY
>
>
> Available actions:
> ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
> CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
> LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
> MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
> PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
> PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
> REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
> SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
> TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
> TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
> TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
> WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> }}}
>
>> then
>> P1 cannot add new ticket, beacuse Bloodhound show messages:
>>
>> "TICKET_CREATE privileges are required to perform this operation. You
>> don't have the required permissions Please contact your administrator or
>> team leader to request these."
>>
> After bhtest login
>
> 1. In /
> * QCT is not visible
> 2. In /products/p1
> * QCT is visible
> * both p1 and p2 available in product drop down
> * new ticket submissions are ok
> 3. In /products/p2
> * QCT is visible
> * both p1 and p2 available in product drop down
> * new ticket submissions are ok
>
>> If I add permission TICKET_CREATE also in (Global Settings), then user U
>> can see both products in create ticket popup and can create tickets for
>> both products.
> After adding permissions to bhtest user
>
> {{{#!sh
>
> Trac [/path/to/env]> permission add bhtest TICKET_CREATE
> Trac [/path/to/env]> permission list
>
> User Action
> ------------------------------
> admin TRAC_ADMIN
> anonymous BROWSER_VIEW
> anonymous CHANGESET_VIEW
> anonymous FILE_VIEW
> anonymous LOG_VIEW
> anonymous MILESTONE_VIEW
> anonymous PRODUCT_VIEW
> anonymous REPORT_SQL_VIEW
> anonymous REPORT_VIEW
> anonymous ROADMAP_VIEW
> anonymous SEARCH_VIEW
> anonymous TICKET_VIEW
> anonymous TIMELINE_VIEW
> anonymous WIKI_VIEW
> authenticated PRODUCT_VIEW
> authenticated TICKET_MODIFY
> authenticated WIKI_CREATE
> authenticated WIKI_MODIFY
> bhtest TICKET_CREATE
>
>
> Available actions:
> ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
> CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
> LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
> MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
> PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
> PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
> REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
> SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
> TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
> TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
> TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
> WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
>
> }}}
>
> 1. In /
> * QCT is visible
> * both p1 and p2 available in product drop down
> * new ticket submissions are ok
> 2. In /products/p1
> * QCT is visible
> * both p1 and p2 available in product drop down
> * new ticket submissions are ok
> 3. In /products/p2
> * QCT is visible
> * both p1 and p2 available in product drop down
> * new ticket submissions are ok
>
> AFAICT all this is expected behavior , cmiiw
>
Re: Real product separation
Posted by Olemis Lang <ol...@gmail.com>.
On 9/26/13, Tomasz Lempart <tl...@gmail.com> wrote:
> Hello bloodhound team,
>
Hi !
Below I'll mention the results I've got running 0.7 , which seems to
match your deployment (... isn't it ?) . I'll always write URLs
relative to the environment base URL
[...]
>
> For example I have user U and products P1 and P2.
Products p1 and p2 created . User bhtest registered
{{{#!sh
$ trac-admin /path/to/env/
Welcome to trac-admin 1.0.1
Interactive Trac administration console.
Copyright (C) 2003-2013 Edgewall Software
Type: '?' or 'help' for help on commands.
Trac [/path/to/env]> product list
Prefix Owner Name
------------------------
test Default
p1 admin Product 1
p2 admin Product 2
}}}
> When I add permission
> TICKET_CREATE for user U in product P1 and not in (Global Settings)
User bhtest granted with TICKET_CREATE permission in product p1 ,
which is in turn revoked in global scope
{{{#!sh
Trac [/path/to/env]> permission list
User Action
------------------------------
admin TRAC_ADMIN
anonymous BROWSER_VIEW
anonymous CHANGESET_VIEW
anonymous FILE_VIEW
anonymous LOG_VIEW
anonymous MILESTONE_VIEW
anonymous PRODUCT_VIEW
anonymous REPORT_SQL_VIEW
anonymous REPORT_VIEW
anonymous ROADMAP_VIEW
anonymous SEARCH_VIEW
anonymous TICKET_VIEW
anonymous TIMELINE_VIEW
anonymous WIKI_VIEW
authenticated PRODUCT_VIEW
authenticated TICKET_MODIFY
authenticated WIKI_CREATE
authenticated WIKI_MODIFY
Available actions:
ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
Trac [/path/to/env]> product admin p1 permission list
User Action
------------------------------
anonymous BROWSER_VIEW
anonymous CHANGESET_VIEW
anonymous FILE_VIEW
anonymous LOG_VIEW
anonymous MILESTONE_VIEW
anonymous REPORT_SQL_VIEW
anonymous REPORT_VIEW
anonymous ROADMAP_VIEW
anonymous SEARCH_VIEW
anonymous TICKET_VIEW
anonymous TIMELINE_VIEW
anonymous WIKI_VIEW
authenticated TICKET_CREATE
authenticated TICKET_MODIFY
authenticated WIKI_CREATE
authenticated WIKI_MODIFY
Available actions:
ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
Trac [/path/to/env]> product admin p2 permission list
User Action
------------------------------
anonymous BROWSER_VIEW
anonymous CHANGESET_VIEW
anonymous FILE_VIEW
anonymous LOG_VIEW
anonymous MILESTONE_VIEW
anonymous REPORT_SQL_VIEW
anonymous REPORT_VIEW
anonymous ROADMAP_VIEW
anonymous SEARCH_VIEW
anonymous TICKET_VIEW
anonymous TIMELINE_VIEW
anonymous WIKI_VIEW
authenticated TICKET_CREATE
authenticated TICKET_MODIFY
authenticated WIKI_CREATE
authenticated WIKI_MODIFY
Available actions:
ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
}}}
> then
> P1 cannot add new ticket, beacuse Bloodhound show messages:
>
> "TICKET_CREATE privileges are required to perform this operation. You
> don't have the required permissions Please contact your administrator or
> team leader to request these."
>
After bhtest login
1. In /
* QCT is not visible
2. In /products/p1
* QCT is visible
* both p1 and p2 available in product drop down
* new ticket submissions are ok
3. In /products/p2
* QCT is visible
* both p1 and p2 available in product drop down
* new ticket submissions are ok
> If I add permission TICKET_CREATE also in (Global Settings), then user U
> can see both products in create ticket popup and can create tickets for
> both products.
After adding permissions to bhtest user
{{{#!sh
Trac [/path/to/env]> permission add bhtest TICKET_CREATE
Trac [/path/to/env]> permission list
User Action
------------------------------
admin TRAC_ADMIN
anonymous BROWSER_VIEW
anonymous CHANGESET_VIEW
anonymous FILE_VIEW
anonymous LOG_VIEW
anonymous MILESTONE_VIEW
anonymous PRODUCT_VIEW
anonymous REPORT_SQL_VIEW
anonymous REPORT_VIEW
anonymous ROADMAP_VIEW
anonymous SEARCH_VIEW
anonymous TICKET_VIEW
anonymous TIMELINE_VIEW
anonymous WIKI_VIEW
authenticated PRODUCT_VIEW
authenticated TICKET_MODIFY
authenticated WIKI_CREATE
authenticated WIKI_MODIFY
bhtest TICKET_CREATE
Available actions:
ACCTMGR_ADMIN, ACCTMGR_CONFIG_ADMIN, ACCTMGR_USER_ADMIN, BROWSER_VIEW,
CHANGESET_VIEW, CONFIG_VIEW, DASHBOARD_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, PRODUCT_ADMIN, PRODUCT_CREATE, PRODUCT_DELETE,
PRODUCT_MODIFY, PRODUCT_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, USER_VIEW, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE,
WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
}}}
1. In /
* QCT is visible
* both p1 and p2 available in product drop down
* new ticket submissions are ok
2. In /products/p1
* QCT is visible
* both p1 and p2 available in product drop down
* new ticket submissions are ok
3. In /products/p2
* QCT is visible
* both p1 and p2 available in product drop down
* new ticket submissions are ok
AFAICT all this is expected behavior , cmiiw
--
Regards,
Olemis - @olemislc
Re: Real product separation
Posted by Joachim Dreimann <jo...@wandisco.com>.
Interesting.. I've not had time to test this yet but I'm forwarding this to
the dev@ mailing list for better visibility.
- Joe
On 26 September 2013 07:10, Tomasz Lempart <tl...@gmail.com> wrote:
> Hello bloodhound team,
>
> multiproduct functionality for trac is that what I waited a long time.
> Is there possibility to configure bloodhound in such way, that one user can
> create and see issues only for one product?
>
> For example I have user U and products P1 and P2. When I add permission
> TICKET_CREATE for user U in product P1 and not in (Global Settings) then P1
> cannot add new ticket, beacuse Bloodhound show messages:
>
> "TICKET_CREATE privileges are required to perform this operation. You
> don't have the required permissions Please contact your administrator or
> team leader to request these."
>
> If I add permission TICKET_CREATE also in (Global Settings), then user U
> can see both products in create ticket popup and can create tickets for
> both products.
>
> Best regards
> Tomasz Lempart
>