non ticket owner can still have ticket action
|Reported by:||anonymous||Owned by:||Norman Rasmussen|
|Severity:||critical||Keywords:||none ticket owner has ticket actions|
Good to find this plugin. But not ticket owner still permit for ticket actions. My trac.ini: [virtualticketpermissions] group_blacklist = anonymous, authenticated
[components] virtualticketpermissions.* = enabled
[trac] permission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy, VirtualTicketPermissionsPolicy
[ticket-workflow] accept = new,reopened -> working accept.operations = set_owner_to_self accept.permissions = TICKET_IS_OWNER assign = new -> new assign.operations = set_owner assign.permissions = TICKET_IS_OWNER
User: op, tester has TICKET_IS_OWNER_GROUP permission. op and tester are belong to different groups. Ticket 1 is created and owned by op. But tester can still accept, assign ticket 1. As my mean tester should not permit to own ticket 1 any actions because it is not ticket 1 owner. What's wrong now?