Modify

Opened 7 years ago

Closed 8 months ago

#1994 closed defect (wontfix)

Edit Report on another users report with TRAC_ADMIN privs misdirects to your report

Reported by: jhulten Owned by: coderanger
Priority: normal Component: PersonalReportsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

To repro:

  1. Create two users, both with REPORT_PERSONAL priv, one with TRAC_ADMIN priv.
  2. Create a report as the non-admin user.
  3. View the report as the admin user.
  4. Click the Edit Report button.
  5. See that it gives you the admin users report, not the non-admin users report.

I suspect that (far more dangerously) delete works the same way.

Attachments (0)

Change History (1)

comment:1 Changed 8 months ago by rjollos

  • Resolution set to wontfix
  • Status changed from new to closed

This plugin is deprecated. Please see the PrivateReportsPlugin for a replacement

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.