Opened 15 years ago
Last modified 4 years ago
#4619 new defect
the permission checked for is SENSITIVE_VIEW but viewing tickets shows a TICKET_VIEW permission error
| Reported by: | Jeff Hammel | Owned by: | |
|---|---|---|---|
| Priority: | low | Component: | SensitiveTicketsPlugin |
| Severity: | minor | Keywords: | error wording |
| Cc: | Jeff Hammel, Mitar | Trac Release: | 0.11 |
Description
on tickets marked as Sensitive, viewing them shows the following message
Forbidden: TICKET_VIEW privileges needed.
The permission checked for is SENSITIVE_VIEW.
Note that this is not necessarily undesirable. While no real security is provided by hiding evidence that the ticket is sensitive, neither does it hurt the functionality of the SensitiveTicketsPlugin. Since the trac tickets are ordered, anyone seeking to know which tickets are sensitive can request them incrementally.
Attachments (0)
Change History (7)
comment:1 Changed 15 years ago by
| Cc: | Mitar added |
|---|
comment:2 Changed 14 years ago by
| Owner: | changed from Sebastian Benthall to obs |
|---|
comment:3 Changed 12 years ago by
| Keywords: | error wording added |
|---|---|
| Owner: | changed from obs to Daniel Kahn Gillmor |
assign to new maintainer, again
comment:4 Changed 12 years ago by
I'm not sure how i would do this given the trac framework. I also don't particularly have a need for such a change.
However, if anyone wants to offer a patch that does this, i'll happily integrate it!
comment:5 follow-up: 6 Changed 12 years ago by
| Priority: | low → highest |
|---|---|
| Severity: | trivial → blocker |
Ticket creator cannot see the ticket even not reply. Ticket sender must have permission to view tickets and replied answer.
also tried to ticket_view permission sensitive_view open all the tickets which is not acceptale
comment:6 Changed 12 years ago by
| Priority: | highest → low |
|---|---|
| Severity: | blocker → minor |
Hi there Anonymous -- I understand you want something to change, but please do not inflate the priority or severity of a ticket without providing justification for it. I'm pretty sure this issue is not a blocker, and it certainly isn't my highest priority as maintainer of the SensitiveTicketsPlugin.
Replying to anonymous:
Ticket creator cannot see the ticket even not reply. Ticket sender must have permission to view tickets and replied answer.
if you would like this behavior, i advise you to set allow_reporter in the [sensitivetickets] section of conf/trac.ini, as documented in newer versions of the plugin.
However, I don't think this particular behavior has any bearing on this ticket, which is about the content of the error message shown.
also tried to ticket_view permission sensitive_view open all the tickets which is not acceptale
Correct, those are distinct permissions.
As i said in comment:4, i don't know how to do this cleanly within the trac framework, but i'd be happy to integrate a patch that does.
comment:7 Changed 4 years ago by
| Owner: | Daniel Kahn Gillmor deleted |
|---|
I still vote for fixing this so users of my Trac will not yell at me "you removed my privileges" but will be able to understand that this is a different privilege.