There are several roles in the Scrum process that a user may fill:

  • Product owner
  • Scrum master
  • Team member

Implementation in Agilo 0.6

  • Product owner - can add new requirements, user stories and bugs, can change all tickets, can add/remove links between tickets
  • Scrum master - can save the tasks in the sprint backlog
  • Team member - can add and change tasks without an owner, can save the tasks in the sprint backlog

The reporter and the owner of a ticket can always edit their ticket.

Implementation in Agilo 0.7

(to be completed)

  • TRAC_ADMIN can do everything
  • TICKET_ADMIN can add, delete, edit all tickets

The reporter and the owner of a ticket can always edit their ticket.

To refine this system, the new permission policy system in Trac 0.11 makes it possible to add a permission policy module (through IPermissionPolicy). When an action is about to be performed, the policy module is called to check whether the user has the necessary permissions.

A user can belong to one or more groups/roles named

  • SCRUM_MASTER
  • TICKET_OWNER
  • TEAM_MEMBER

Each role has specific actions that it can perform on certain resources (tickets, links, etc.)

The actions that would need to be checked in Agilo are:

  • TICKET_EDIT - Product owner can edit and add all tickets and ticket types, Team members can edit tasks only, reporter and owner of ticket can edit that specific ticket
  • TICKET_APPEND (comment function) - everybody can comment
  • AGILO_SAVE_REMAINING_TIME - Scrum masters can save the remaining time on each task from the Sprint Backlog overview
  • AGILO_LINK_EDIT - Product owner can change links between tickets
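
The role and action rules listed above, written as a stand-alone decision function (an added example, not Agilo's own code). It follows the IPermissionPolicy convention of returning True to grant and None to defer to the next policy; the lowercase role names, the Ticket tuple, the roles argument and the guard against empty user names are assumptions made for this illustration.

```python
from collections import namedtuple

# Constructed stand-in for an Agilo ticket; field names are assumptions.
Ticket = namedtuple("Ticket", "id type reporter owner")

# Role -> actions granted on every ticket, taken from the list above.
# Role names are placeholders for the roles described in the prose.
ROLE_ACTIONS = {
    "product_owner": {"TICKET_EDIT", "AGILO_LINK_EDIT"},
    "scrum_master": {"AGILO_SAVE_REMAINING_TIME"},
}


def check_permission(action, username, roles, ticket=None):
    """Return True to grant, None to let the next policy decide."""
    if action == "TICKET_APPEND":
        return True  # everybody can comment

    # Assumed hardening: a task without an owner has an empty owner field,
    # so an empty or anonymous user name must never match reporter/owner.
    if not username or username == "anonymous":
        return None

    # Grants that apply to all tickets, by role.
    if any(action in ROLE_ACTIONS.get(role, ()) for role in roles):
        return True

    if action == "TICKET_EDIT" and ticket is not None:
        # Team members can edit tasks only.
        if "team_member" in roles and ticket.type == "task":
            return True
        # Reporter and owner can always edit that specific ticket.
        if username in (ticket.reporter, ticket.owner):
            return True

    # No opinion: fall through to the next policy in the chain.
    return None
```

Returning None rather than False for the unmatched cases keeps grants made elsewhere (for example TRAC_ADMIN or TICKET_ADMIN) effective.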

Actions explained

All action names are prefixed with 'AGILO_'. For better readability, this prefix is omitted in the text below.

  • MODIFY_ACTUAL_CONTINGENT - is checked when the actual ("used up") time for a contingent is modified. SCRUM_MASTER and TEAM_MEMBER have this permission automatically.

Checking permissions in Trac 0.11

To check whether a user is allowed to do something, use:

    from agilo.utils import Action

    if Action.LINK_EDIT in req.perm:
        ...

If you just want to fail with a "Not enough permissions" notice:

    req.perm.require(Action.LINK_EDIT)

If you're checking a certain object/resource for access, use (for access to an Agilo ticket):

    from agilo.utils import Action, Key

    Action.CREATE_STORY in req.perm(Key.AGILO_TICKET, ticket.id)

or

    req.perm(Key.AGILO_TICKET, ticket.id).require(Action.CREATE_STORY)

Last modified on 12/03/2008 04:02:54 PM
