Changes between Version 4 and Version 5 of TracPermissions

Timestamp:

Feb 1, 2021, 2:06:05 PM (4 years ago)

Author:

trac

Comment:

--

TracPermissions

@@ -13 +13 @@
 == Graphical Admin Tab
 
-To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command (more on `trac-admin` below):
+To access this tab, a user must have one of the following permissions: `TRAC_ADMIN`, `PERMISSION_ADMIN`, `PERMISSION_GRANT`, `PERMISSION_REVOKE`. The permissions can be granted using the `trac-admin` command with a more detailed description [#GrantingPrivileges below]:
 {{{#!sh
 $ trac-admin /path/to/projenv permission add bob TRAC_ADMIN
@@ -30 +30 @@
 == Available Privileges
 
-To enable all privileges for a user, use the `TRAC_ADMIN` permission. Having `TRAC_ADMIN` is like being `root` on a *NIX system: it will allow you to perform any operation.
-
-Otherwise, individual privileges can be assigned to users for the various different functional areas of Trac ('''note that the privilege names are case-sensitive'''):
+To enable all privileges for a user, use the `TRAC_ADMIN` permission. This permission is like being `root` on a *NIX system: it will allow you to perform any operation.
+
+Otherwise, individual privileges can be assigned to users for the different functional areas of Trac and '''note that the privilege names are uppercase''':
 
 === Repository Browser
@@ -52 +52 @@
 || `TICKET_EDIT_COMMENT` || Modify another user's comments. Any user can modify their own comments by default. ||
 || `TICKET_BATCH_MODIFY` || [TracBatchModify Batch modify] tickets ||
-|| `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user (it will appear that another user created the ticket). It also allows managing ticket properties through the web administration module. ||
+|| `TICKET_ADMIN` || All `TICKET_*` permissions, deletion of ticket attachments and modification of the reporter field, which grants ability to create a ticket on behalf of another user and it will appear that another user created the ticket. It also allows managing ticket properties through the web administration module. ||
 
 === Roadmap
@@ -108 +108 @@
 }}}
 
+An authenticated user can delete an attachment //they added// without possessing the permission
+that grants `ATTACHMENT_DELETE`.
+
 If explicit attachment permissions are preferred, `ATTACHMENT_CREATE`, `ATTACHMENT_DELETE` and `ATTACHMENT_VIEW` can be created using the [trac:ExtraPermissionsProvider]. The simplest implementation is to simply define the actions.
 {{{#!ini
@@ -150 +153 @@
 Any user who has logged in is also in the //authenticated// group.
 The //authenticated// group inherits permissions from the //anonymous// group.
-For example, if the //anonymous// group has permission WIKI_MODIFY, 
-it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well.
+For example, if the //anonymous// group has permission WIKI_MODIFY, it is not necessary to add the WIKI_MODIFY permission to the //authenticated// group as well.
 
 Custom groups may be defined that inherit permissions from the two built-in groups.
@@ -169 +171 @@
 Permission groups can be created by assigning a user to a group you wish to create, then assign permissions to that group.
 
-The following will add ''bob'' to the new group called ''beta_testers'' and then will assign WIKI_ADMIN permissions to that group. (Thus, ''bob'' will inherit the WIKI_ADMIN permission)
+The following will add ''bob'' to the new group called ''beta_testers'' and then will assign `WIKI_ADMIN` permissions to that group. Thus, ''bob'' will inherit the `WIKI_ADMIN` permission.
 {{{#!sh
 $ trac-admin /path/to/projenv permission add bob beta_testers
@@ -177 +179 @@
 == Removing Permissions
 
-Permissions can be removed using the 'remove' command. For example:
+Permissions can be removed using the 'remove' command.
 
 This command will prevent the user ''bob'' from deleting reports:
@@ -207 +209 @@
 //**anonymous**//
 {{{
-BROWSER_VIEW 
-CHANGESET_VIEW 
-FILE_VIEW 
-LOG_VIEW 
-MILESTONE_VIEW 
-REPORT_SQL_VIEW 
-REPORT_VIEW 
-ROADMAP_VIEW 
-SEARCH_VIEW 
-TICKET_VIEW 
+BROWSER_VIEW
+CHANGESET_VIEW
+FILE_VIEW
+LOG_VIEW
+MILESTONE_VIEW
+REPORT_SQL_VIEW
+REPORT_VIEW
+ROADMAP_VIEW
+SEARCH_VIEW
+TICKET_VIEW
 TIMELINE_VIEW
 WIKI_VIEW
@@ -223 +225 @@
 //**authenticated**//
 {{{
-TICKET_CREATE 
-TICKET_MODIFY 
-WIKI_CREATE 
-WIKI_MODIFY  
+TICKET_CREATE
+TICKET_MODIFY
+WIKI_CREATE
+WIKI_MODIFY
 }}}
 ----