non ticket owner can still have ticket action
|Reported by:||anonymous||Owned by:||normanr|
|Severity:||critical||Keywords:||none ticket owner has ticket actions|
Good to find this plugin. But not ticket owner still permit for ticket actions.
group_blacklist = anonymous, authenticated
virtualticketpermissions.* = enabled
permission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy, VirtualTicketPermissionsPolicy
accept = new,reopened -> working
accept.operations = set_owner_to_self
accept.permissions = TICKET_IS_OWNER
assign = new -> new
assign.operations = set_owner
assign.permissions = TICKET_IS_OWNER
User: op, tester has TICKET_IS_OWNER_GROUP permission. op and tester are belong to different groups. Ticket 1 is created and owned by op. But tester can still accept, assign ticket 1.
As my mean tester should not permit to own ticket 1 any actions because it is not ticket 1 owner. What's wrong now?
Change History (6)
comment:5 Changed 5 years ago by anonymous
- Cc zhijiex@… removed
- Resolution set to wontfix
- Status changed from new to closed