SensitiveTickets

Hide sensitive tickets with a checkbox.

Description

SensitiveTickets is a plugin that lets users mark tickets as "sensitive" with a checkbox on the ticket form. Sensitive tickets are viewable only by those with the SENSITIVE_VIEW permission.

Beware: Hooks that send mail on ticket changes will still send mail for sensitive tickets; this may not be what you want.

Beware: if the plugin is removed, disabled, or fails to load, Trac will display sensitive tickets ("failing open" instead of "failing closed").

This plugin is supported on Trac 0.11.6 or higher.

Examples

A user submits a security related ticket to a project's Trac, which is generally open to the public. They mark it as "Sensitive" so that only people in the internal team that deal with security issues can see the ticket.

A team uses Trac to handle its business development tasks, but wants to leave the record open for all. Some tasks, however--say, dealing with difficult clients--are sensitive. Those tickets are marked as sensitive and hidden to others but viewable by the business development team.

History/Related

The plugin is based on the example vulnerability_tickets.py but uses a checkbox instead of text in the summary or keywords to mark a ticket as sensitive.

See also: PrivateTicketsPlugin.

Configuration

Once this plugin is enabled, you'll have to insert it at the appropriate place in your list of permission policies, e.g.

[trac]
permission_policies = SensitiveTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy

Users with SENSITIVE_VIEW privileges will be able to see and act on tickets marked sensitive, as will any user configured to be able to bypass the sensitive marker (e.g. if the user is the ticket owner or reporter, or is in the CC field, and the associated flags are set in the [sensitivetickets] section of trac.ini).

This plugin also adds the SENSITIVE_ACTIVITY_VIEW permission, which is narrower in scope than SENSITIVE_VIEW. Accounts with SENSITIVE_ACTIVITY_VIEW will be able to see activity on sensitive material in the timeline, but will only be able to identify it by ticket number, comment number, and timestamp. All other content will be redacted. SENSITIVE_ACTIVITY_VIEW can be useful (for example) for providing a notification daemon the ability to tell that some activity happened without leaking the content of that activity.

After enabling, the plugin needs an environment upgrade (or just add the appropriate stanza to [ticket-custom] in trac.ini).
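
Because the plugin fails open, it is worth checking trac.ini after every configuration change. The following is an added example, not part of the plugin: it checks that SensitiveTicketsPolicy is listed and comes before DefaultPermissionPolicy (Trac consults policies in order and the first decision wins), and that the checkbox field exists. The field name "sensitive" and the sample configurations are assumptions made for the example.

```python
import configparser

POLICY = "SensitiveTicketsPolicy"
DEFAULT = "DefaultPermissionPolicy"


def audit_trac_ini(text, field="sensitive"):
    """Return findings for a trac.ini; an empty list means the checks passed.

    `field` is the ASSUMED name of the checkbox in [ticket-custom].
    """
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []

    raw = cfg.get("trac", "permission_policies", fallback="")
    policies = [p.strip() for p in raw.split(",") if p.strip()]
    if POLICY not in policies:
        # Without the policy nothing hides the tickets (fail-open).
        findings.append(POLICY + " is not in permission_policies")
    elif DEFAULT in policies and policies.index(DEFAULT) < policies.index(POLICY):
        # An earlier policy that grants access ends the evaluation.
        findings.append(DEFAULT + " is listed before " + POLICY)

    if cfg.get("ticket-custom", field, fallback="").strip().lower() != "checkbox":
        findings.append("[ticket-custom] has no checkbox field named " + field)
    return findings


# Constructed sample configurations (not taken from a real site).
GOOD = """\
[trac]
permission_policies = SensitiveTicketsPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
[ticket-custom]
sensitive = checkbox
"""
BAD_ORDER = GOOD.replace(
    "SensitiveTicketsPolicy, DefaultPermissionPolicy",
    "DefaultPermissionPolicy, SensitiveTicketsPolicy",
)
MISSING = "[trac]\npermission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy\n"

if __name__ == "__main__":
    for name, ini in (("good", GOOD), ("bad order", BAD_ORDER), ("missing", MISSING)):
        print(name, audit_trac_ini(ini) or "ok")
```
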

Bugs/Feature Requests

Existing bugs and feature requests for SensitiveTicketsPlugin are here.

If you have any issues, create a new ticket.

Source & Download

You can check out SensitiveTicketsPlugin from here using Subversion, or browse the source with Trac.

Download the zipped source from here.

Recent Changes

[11294] by dkgdkg on 02/21/12 06:51:25

change REDACTED_SENSITIVE_ACTIVITY_VIEW to SENSITIVE_ACTIVITY_VIEW.

This is a backwards-incompatible change, but i think it's ok given that REDACTED_SENSITIVE_ACTIVITY_VIEW has only been available for a day or so.

(bumped version number to 0.21)

[11293] by dkgdkg on 02/21/12 06:51:10

ensure that we are using a modern version of trac. (see http://trac-hacks.org/ticket/8863#comment:6)

[11291] by dkgdkg on 02/20/12 06:38:15

consider this release of SensitiveTicketsPlugin to be 0.20 (this version inflation is to avoid having people mistake the plugin version number for the trac core version number)

[11290] by dkgdkg on 02/20/12 06:03:46

update version number; add my name to the author list; change author e-mail to my own, since i am now the author of the majority of the plugin in addition to being responsible for it upstream

Author/Contributors

Authors: sbenthall, dkgdkg
Maintainer: dkgdkg
Contributors: k0s, obs