Modify

Opened 6 years ago

Closed 6 years ago

#3097 closed enhancement (fixed)

Allowing user exceptions of private ticket restriction

Reported by: kgabor@… Owned by: coderanger
Priority: normal Component: PrivateTicketsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Currently, if a user has none of the introduced new permissions (TICKET_VIEW_*) of PrivateTicketsPlugin, PrivateTicketsPlugin denies access and therefore user has permission denied whether it has the ordinary TICKET_VIEW or not. It would be better to simply do nothing by the plugin if no TICKET_VIEW_* permission present and so it would restore default permission checking for this particular user. In other words, missing of all extra permission would be an exceptional case similar to TRAC_ADMIN in policy.py.

Attachments (0)

Change History (1)

comment:1 Changed 6 years ago by coderanger

  • Resolution set to fixed
  • Status changed from new to closed

(In [3751]) If user has none of the special permissions, fall-through to the next policy. Also enforce privatetickets permissions on any sub-resource (eg. attachments) of a ticket. (closes #3097)

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.