Hidden fields are lost for anonymous ticket creation
|Reported by:||james.e.harrison@…||Owned by:||robguttman|
If ticket policy allows anonymous ticket creation and viewing, but not modification, then all fields that should be hidden can be visible at the wrong time.
post_process_request() in web_ui.py requires TICKET_MODIFY to add the scripts to the page.
One fix for this would be the following:
def post_process_request(self, req, template, data, content_type): if ((req.path_info.startswith('/ticket') \ and req.perm.has_permission('TICKET_VIEW')) or (req.path_info.startswith('/newticket') \ and req.perm.has_permission('TICKET_CREATE')) \ or (req.path_info.startswith('/query') \ and req.perm.has_permission('REPORT_VIEW'))):
This, of course assumes that anyone who has TICKET_MODIFY also has TICKET_VIEW and TICKET_CREATE, which is not necessarily true in Trac 0.12...
Simply appending the script to all /ticket, /newticket, and /query pages may be the easiest fix :)