Modify ↓
Opened 16 years ago
Closed 15 years ago
#3642 closed defect (fixed)
[0.11][patch] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN
| Reported by: | anonymous | Owned by: | osimons |
|---|---|---|---|
| Priority: | highest | Component: | XmlRpcPlugin |
| Severity: | normal | Keywords: | |
| Cc: | Trac Release: | 0.11 |
Description
Currently resolve action require TICKET_ADMIN permission
Attachments (2)
Change History (9)
Changed 16 years ago by
| Attachment: | tracrpc.svn.diff added |
|---|
Changed 15 years ago by
| Attachment: | clipboard.txt added |
|---|
comment:2 Changed 15 years ago by
| Priority: | normal → highest |
|---|---|
| Summary: | Ticket update action require TICKET_MODIFY permission insted of TICKET_ADMIN → [0.11] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN |
| Trac Release: | 0.10 → 0.11 |
comment:3 Changed 15 years ago by
| Summary: | [0.11] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN → [0.11][patch] Ticket update action require TICKET_MODIFY permission instead of TICKET_ADMIN |
|---|
comment:4 Changed 15 years ago by
| Owner: | changed from Alec Thomas to osimons |
|---|
With workflow, the actual answer is: It depends. With the latest workflow patch on #1075, I'm using the Trac ticket update infrastructure to validate ticket - including any permissions. If the user isn't allowed through web, he/she won't be allowed to make the update using xmlrpc anyway. I'll update the patch to set TICKET_VIEW as minimum needed permission.
comment:6 Changed 15 years ago by
Nah. Not really a duplicate - I'll close it together with other tickets as fixed after commit.
Note: See
TracTickets for help on using
tickets.
patch