Modify

Opened 6 years ago

Closed 5 years ago

#3642 closed defect (fixed)

[0.11][patch] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN

Reported by: anonymous Owned by: osimons
Priority: highest Component: XmlRpcPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Currently resolve action require TICKET_ADMIN permission

Attachments (2)

tracrpc.svn.diff (882 bytes) - added by anonymous 6 years ago.
patch
clipboard.txt (2.2 KB) - added by stp 5 years ago.
Patch from http://trac-hacks.org/attachment/ticket/1075/ticket-validate.diff

Download all attachments as: .zip

Change History (9)

Changed 6 years ago by anonymous

patch

comment:1 Changed 5 years ago by osimons

#3835 closed as duplicate.

comment:2 Changed 5 years ago by stp

  • Priority changed from normal to highest
  • Summary changed from Ticket update action require TICKET_MODIFY permission insted of TICKET_ADMIN to [0.11] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN
  • Trac Release changed from 0.10 to 0.11

comment:3 Changed 5 years ago by stp

  • Summary changed from [0.11] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN to [0.11][patch] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN

comment:4 Changed 5 years ago by osimons

  • Owner changed from athomas to osimons

With workflow, the actual answer is: It depends. With the latest workflow patch on #1075, I'm using the Trac ticket update infrastructure to validate ticket - including any permissions. If the user isn't allowed through web, he/she won't be allowed to make the update using xmlrpc anyway. I'll update the patch to set TICKET_VIEW as minimum needed permission.

comment:5 Changed 5 years ago by stp

Sounds good. We can probably mark this as duplicate then.

comment:6 Changed 5 years ago by osimons

Nah. Not really a duplicate - I'll close it together with other tickets as fixed after commit.

comment:7 Changed 5 years ago by osimons

  • Resolution set to fixed
  • Status changed from new to closed

Fixed as part of [6045].

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from osimons. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.