#7560 Avoid weird permissions when anonymous creates a private ticket

v1.2.0
closed
Igor Bondarenko
ux (103) bitesize (76) 42cc (432)
General
Dave Brondsema
2015-08-20
2014-07-10
Dave Brondsema
No

In the _set_private method, the creator of a ticket gets read rights to the ticket. But if that is an anonymous user, then the ticket is readable by everyone. To avoid that situation altogether, we could prompt them if they try to mark as private, and notify that they will need to login to make a private ticket.

Discussion

  • Dave Brondsema

    Dave Brondsema - 2014-07-10

    Also need to handle when anonymous creates a (public) ticket and an admin later needs to set it private. The admin should be able to do that, and the owner (anonymous) shouldn't have any read rights any more.

     

  • Dave Brondsema

    Dave Brondsema - 2014-08-11
    • labels: ux, bitesize --> ux, bitesize, 42cc
    • status: open --> in-progress
    • assigned_to: Igor Bondarenko
     

  • Igor Bondarenko - 2014-08-18

    Closed #630. je/42cc_7560

     

  • Igor Bondarenko - 2014-08-18
    • status: in-progress --> code-review
     

  • Dave Brondsema

    Dave Brondsema - 2014-09-24
    • status: code-review --> closed
    • QA: Dave Brondsema
    • Milestone: forge-backlog --> forge-oct-3
     

  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0
     

Log in to post a comment.