Modify

Opened 8 years ago

Closed 8 years ago

#920 closed defect (fixed)

Private tickets still viewable via "Download in other formats"

Reported by: Marcel (marcel [at] thegrave [dot] nl) Owned by: coderanger
Priority: high Component: PrivateTicketsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

First of all, compliments for this plugin. It's actually something I've been searching for quite some time now, because our company would like to set up a test-installation of Trac as a bug/support platform for our customers. Obviously, we wouldn't want customer X looking into the tickets of customer Y.

Anyway, I was testing it a bit, and while watching a list of my own tickets (viewing the "All Active Tickets" report), I tried clicking the "Tab-delimited Text" link on the bottom of the page, to see what would happen. Unfortunately, in that file I just get a list of all available tickets, including all tickets reported by other users.

Can you fix this, so that the "Other format"-links take your TICKET_VIEW_* permissions into account? That way, the Comma- and Tab-delimited files would only display the tickets a user is permitted to see.
If that's a no-go, can I somehow disable those links, or disable the feature in Trac?

Thanks in advance for your efforts!

Marcel.

Attachments (0)

Change History (7)

comment:1 Changed 8 years ago by tlipp@…

  • Priority changed from normal to high

hi,
like the idea of your plugin. As mentioned above disabling downloading all tickets instead of the private tickets only is important to me either. We would like to use Trac for our customers and they should only see what they have reported. Thanks for your work.
Best regards,
Toni

comment:2 follow-ups: Changed 8 years ago by coderanger

(In [1609]) Filter other formats on queries. (refs #920)

comment:3 Changed 8 years ago by r.sokoll@…

I second that.

Rainer

comment:4 Changed 8 years ago by duanestark@…

Love the plugin!

Any ETA when this will be resolved? It's the only thing holding us back from deploying to our clients.

If not, is there a known way to disable the feed links at the bottom? I'd rather just remove them from the time being, but cant find any documentation on how to do that.

Thanks!

comment:5 in reply to: ↑ 2 Changed 8 years ago by anonymous

Replying to coderanger:

(In [1609]) Filter other formats on queries. (refs #920)

Could you give an example of how to modify the codes to filter other formats on queries??

comment:6 in reply to: ↑ 2 Changed 8 years ago by anonymous

Replying to coderanger:

(In [1609]) Filter other formats on queries. (refs #920)

This fix doesn't seem to work. The other formats still show all tickets.

comment:7 Changed 8 years ago by coderanger

  • Resolution set to fixed
  • Status changed from new to closed

(In [2115]) Block access to tab and csv formatted reports. (closes #920)

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.