Opened 5 years ago

Closed 3 years ago

#7114 closed defect (fixed)

Unprivileged users opening a sensitive ticket don’t know that they succeeded

Reported by: andersk
Owned by: dkgdkg
Priority: normal
Component: SensitiveTicketsPlugin
Severity: normal
Keywords: newticket success feedback
Cc:
Trac Release: 0.11

Description

If a user without SENSITIVE_VIEW permissions opens a sensitive ticket, then they do not have permission to view the ticket they just opened, and they are mysteriously redirected back to the new ticket form with no error message, and no indication that the ticket was successfully opened (even though it was).

Attachments (2)

7114.patch (2.5 KB) - added by dkgdkg 3 years ago.
patch that enables some options: allow_reporter, allow_cc (both of which default to false) and allow_owner (defaults to true)
7114.2.patch (4.3 KB) - added by dkgdkg 3 years ago.
revised patch which also adds limit_sensitivity option to prevent people from setting sensitivity on tickets they won't have access to.

Change History (6)

comment:1 Changed 3 years ago by dkgdkg

Yes, this is a concern. Perhaps the reporter should be allowed access as well as people with SENSITIVE_VIEW. Or maybe anyone in the Cc field as well?

Changed 3 years ago by dkgdkg

patch that enables some options: allow_reporter, allow_cc (both of which default to false) and allow_owner (defaults to true)

comment:2 Changed 3 years ago by dkgdkg

(sorry for the duplicate copies)

Changed 3 years ago by dkgdkg

revised patch which also adds limit_sensitivity option to prevent people from setting sensitivity on tickets they won't have access to.

comment:3 Changed 3 years ago by hasienda

  • Keywords newticket success feedback added
  • Owner changed from obs to dkgdkg

assign to current maintainer now

comment:4 Changed 3 years ago by dkgdkg

  • Resolution set to fixed
  • Status changed from new to closed

This should be closed as of r11287
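
The options named in the two patches can be modelled as a small access decision that shows both the reported lockout and how each option changes it. This is an added example, not the plugin's code or the attached patches; the Ticket and Options classes, the function names, the Cc splitting, the handling of anonymous and the limit_sensitivity default are assumptions made for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class Options:
    # allow_* defaults are the ones stated in the patch description on this page.
    allow_reporter: bool = False
    allow_cc: bool = False
    allow_owner: bool = True
    limit_sensitivity: bool = False  # default not stated on the page; assumed off


@dataclass
class Ticket:
    reporter: str
    owner: str = ""
    cc: str = ""  # free-text list; split on commas and whitespace (assumption)
    sensitive: bool = False


def role_grants_access(user, ticket, opts):
    """True if an allow_* option covers this user's role on the ticket."""
    if not user or user == "anonymous":  # assumption: no role match without login
        return False
    cc = [name for name in re.split(r"[,\s]+", ticket.cc) if name]
    return ((opts.allow_reporter and user == ticket.reporter)
            or (opts.allow_owner and user == ticket.owner)
            or (opts.allow_cc and user in cc))


def can_view(user, perms, ticket, opts):
    """Non-sensitive tickets and SENSITIVE_VIEW holders pass; otherwise use roles."""
    if not ticket.sensitive or "SENSITIVE_VIEW" in perms:
        return True
    return role_grants_access(user, ticket, opts)


def may_set_sensitive(user, perms, ticket, opts):
    """limit_sensitivity: refuse the flag if setting it would lock the setter out."""
    if not opts.limit_sensitivity:
        return True
    marked = Ticket(ticket.reporter, ticket.owner, ticket.cc, sensitive=True)
    return can_view(user, perms, marked, opts)
```

With the defaults, a reporter without SENSITIVE_VIEW fails can_view on the ticket they just created, which is the behaviour this ticket reports; allow_reporter lets them view it, and limit_sensitivity stops them from setting the flag in the first place.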
