#1940 Update tracker to handle private flag on tickets

v1.0.0
closed
sf-2 (994)
Tracker
nobody
2015-08-20
2011-04-13
No

Once ACL support is in place [#1909], add a 'private' flag to tickets which updates their ACL to the following:

  • (ALLOW, Developers, *)
  • (ALLOW, reporting user, *)
  • (DENY, *, *)

When the checkbox is selected, the ACL is added to the ticket. When it is deselected, the ACL is removed.
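
A minimal model of the ACL described above, added here as an illustration and not taken from Allura's code base. It assumes first-match evaluation (the first entry that applies decides) and a fallback to the tracker's inherited permissions when the ticket has no ACL of its own; `ACE`, `private_acl`, `has_access`, `set_private` and `can_read` are hypothetical names.

```python
from collections import namedtuple

# Hypothetical model, not Allura's API: an ACE is (access, role, permission).
ACE = namedtuple("ACE", "access role permission")
ALLOW, DENY, ANY = "ALLOW", "DENY", "*"


def private_acl(reporter):
    """The three entries from the ticket description, in order."""
    return [
        ACE(ALLOW, "Developers", ANY),
        ACE(ALLOW, "user:" + reporter, ANY),
        ACE(DENY, ANY, ANY),
    ]


def has_access(acl, inherited, user, roles, permission):
    """First matching ACE decides (assumed semantics); if nothing matches,
    fall back to the permissions inherited from the tracker."""
    principals = set(roles) | {"user:" + user}
    for ace in acl:
        if ace.role != ANY and ace.role not in principals:
            continue
        if ace.permission in (ANY, permission):
            return ace.access == ALLOW
    return permission in inherited


def set_private(ticket, private):
    """Checkbox handler: add the ACL when selected, remove it when cleared."""
    ticket["acl"] = private_acl(ticket["reporter"]) if private else []
    return ticket


# Constructed sample data: a public tracker where anyone may read.
TRACKER_DEFAULT = {"read"}
ticket = set_private({"reporter": "test-user", "acl": []}, True)


def can_read(user, roles=()):
    return has_access(ticket["acl"], TRACKER_DEFAULT, user, roles, "read")
```

Under first-match evaluation the deny entry has to stay last: moved to the front, it locks out developers and the reporter as well.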

Related

Tickets: #1787
Tickets: #1909

Discussion

    • status: open --> in-progress
    • assigned_to: Tim Van Steenburgh
     
  • forge:tv/1940

    Synopsis

    Tickets marked as private get assigned a restricted ACL that limits ticket access to project developers and the ticket creator. Only these users will see private tickets in the ticket list and in ticket search results.

    To test:

    1. Log in to Allura as admin1.
    2. Create a ticket. Make the summary 'Foo Ticket'. Check the 'Mark as Private' checkbox. Save the ticket. Take note of the ticket number.
    3. Go back to the ticket list. Foo Ticket should appear in the list.
    4. Search for 'foo'. Foo Ticket should appear in the search results.
    5. Log out and log in as 'test-user'.
    6. Go to the Tickets page on the 'test' project. You should see zero tickets since admin1 created a private ticket and you're not an admin.
    7. On the Tickets page, search for 'foo'. You should get zero results.
    8. Try to go directly to Foo Ticket (/p/test/bugs/foo_ticket_num_here). You should be redirected to the login page. Click Back.
    9. Create a ticket. Make the summary 'Bar Ticket'. Check the 'Mark as Private' checkbox. Save the ticket. Take note of the ticket number.
    10. Go back to the ticket list. Bar Ticket should appear in the list.
    11. Search for 'ticket'. Only Bar Ticket should appear in the search results.
    12. Create another ticket but don't mark it as private.
    13. Log out.
    14. As an anonymous user, go to the Tickets page of the 'test' project.
    15. You should only see the public ticket. Try searching for 'foo' and 'bar' and make sure the private tickets don't appear in the results.
    16. Try to access the private tickets directly and make sure you can't.
    17. Try anything else you can think of to get access to the private tickets and make sure you can't.
     
    • status: in-progress --> code-review
    • assigned_to: Tim Van Steenburgh --> John Hoffmann
     
    • Description has changed:

    Diff:

    --- old 
    +++ new 
    @@ -1,6 +1,6 @@
     Once ACL support is in place [#1909], add a 'private' flag to tickets which updates their ACL to the following:
    
    -* (ALLOW, Admins, *)
    +* (ALLOW, Developers, *)
     * (ALLOW, *reporting user*, *)
     * (DENY, *, *)
    
     
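    Review bot: replacing Admins with Developers in the first entry leaves the description silent on whether project admins keep access to private tickets. With (DENY, *, *) as the last entry, an admin who does not also hold the Developers role would fall through to the deny; either state that Admins inherit the Developers role or list an explicit (ALLOW, Admins, *) entry ahead of the deny. Step 6 of the test plan still reads "you're not an admin" and should be reworded to match the new entry.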

    Related

    Tickets: #1909

  • John Hoffman - 2011-05-18

    Tested fine, merging to dev now.

     
  • John Hoffman - 2011-05-18
    • status: code-review --> closed
     
