#7560 Avoid weird permissions when anonymous creates a private ticket


In the _set_private method, the creator of a ticket gets read rights to the ticket. But if that is an anonymous user, then the ticket is readable by everyone. To avoid that situation altogether, we could prompt them if they try to mark as private, and notify that they will need to login to make a private ticket.


  • Dave Brondsema

    Dave Brondsema - 2014-07-10

    Also need to handle when anonymous creates a (public) ticket and an admin later needs to set it private. The admin should be able to do that, and the owner (anonymous) shouldn't have any read rights any more.

  • Dave Brondsema

    Dave Brondsema - 2014-08-11
    • labels: ux, bitesize --> ux, bitesize, 42cc
    • status: open --> in-progress
    • assigned_to: Igor Bondarenko
  • Igor Bondarenko

    Igor Bondarenko - 2014-08-18

    Closed #630. je/42cc_7560

  • Igor Bondarenko

    Igor Bondarenko - 2014-08-18
    • status: in-progress --> code-review
  • Dave Brondsema

    Dave Brondsema - 2014-09-24
    • status: code-review --> closed
    • QA: Dave Brondsema
    • Milestone: forge-backlog --> forge-oct-3
  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0

Log in to post a comment.