Modify

Opened 6 years ago

Closed 5 years ago

#3642 closed defect (fixed)

[0.11][patch] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN

Reported by: anonymous Owned by: osimons
Priority: highest Component: XmlRpcPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Currently resolve action require TICKET_ADMIN permission

Attachments (2)

tracrpc.svn.diff (882 bytes) - added by anonymous 6 years ago.
patch
clipboard.txt (2.2 KB) - added by stp 5 years ago.
Patch from http://trac-hacks.org/attachment/ticket/1075/ticket-validate.diff

Download all attachments as: .zip

Change History (9)

Changed 6 years ago by anonymous

patch

comment:1 Changed 5 years ago by osimons

#3835 closed as duplicate.

comment:2 Changed 5 years ago by stp

  • Priority changed from normal to highest
  • Summary changed from Ticket update action require TICKET_MODIFY permission insted of TICKET_ADMIN to [0.11] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN
  • Trac Release changed from 0.10 to 0.11

comment:3 Changed 5 years ago by stp

  • Summary changed from [0.11] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN to [0.11][patch] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN

comment:4 Changed 5 years ago by osimons

  • Owner changed from athomas to osimons

With workflow, the actual answer is: It depends. With the latest workflow patch on #1075, I'm using the Trac ticket update infrastructure to validate ticket - including any permissions. If the user isn't allowed through web, he/she won't be allowed to make the update using xmlrpc anyway. I'll update the patch to set TICKET_VIEW as minimum needed permission.

comment:5 Changed 5 years ago by stp

Sounds good. We can probably mark this as duplicate then.

comment:6 Changed 5 years ago by osimons

Nah. Not really a duplicate - I'll close it together with other tickets as fixed after commit.

comment:7 Changed 5 years ago by osimons

  • Resolution set to fixed
  • Status changed from new to closed

Fixed as part of [6045].

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.