Tickets marked as private get assigned a restricted ACL that limits ticket access to project developers and the ticket creator. Only these users will see private tickets in the ticket list and in ticket search results.
To test:
Login to Allura as admin1.
Create a ticket. Make the summary 'Foo Ticket'. Check the 'Mark as Private' checkbox. Save the ticket. Take note of the ticket number.
Go back to the ticket list. Foo Ticket should appear in the list.
Search for 'foo'. Foo Ticket should appear in the search results.
Log out and login as 'test-user'.
Go to the Tickets page on the 'test' project. You should see zero tickets since admin1 created a private ticket and you're not an admin.
On the Tickets page, search for 'foo'. You should get zero results.
Try to go directly to Foo Ticket (/p/test/bugs/foo_ticket_num_here). You should be redirected to the login page. Click Back.
Create a ticket. Make the summary 'Bar Ticket'. Check the 'Mark as Private' checkbox. Save the ticket. Take note of the ticket number.
Go back to the ticket list. Bar Ticket should appear in the list.
Search for 'ticket'. Only Bar Ticket should appear in the search results.
Create another ticket but don't mark it as private.
Log out.
As an anonymous user, go to the Tickets page of the 'test' project.
You should only see the public ticket. Try searching for 'foo' and 'bar' and make sure the private tickets don't appear in the results.
Try to access the private tickets directly and make sure you can't.
Try anything else you can think of to get access to the private tickets and make sure you can't.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
--- old +++ new @@ -1,6 +1,6 @@
Once ACL support is in place [#1909], add a 'private' flag to tickets which updates their ACL to the following:
-* (ALLOW, Admins, *)+* (ALLOW, Developers, *)
* (ALLOW, *reporting user*, *)
* (DENY, *, *)
forge:tv/1940
Synopsis
Tickets marked as private get assigned a restricted ACL that limits ticket access to project developers and the ticket creator. Only these users will see private tickets in the ticket list and in ticket search results.
To test:
Diff:
Related
Tickets:
#1909Tested fine, merging to dev now.