Modify ↓
Opened 14 years ago
Closed 13 years ago
#7114 closed defect (fixed)
Unprivileged users opening a sensitive ticket don’t know that they succeeded
| Reported by: | Anders Kaseorg | Owned by: | Daniel Kahn Gillmor |
|---|---|---|---|
| Priority: | normal | Component: | SensitiveTicketsPlugin |
| Severity: | normal | Keywords: | newticket success feedback |
| Cc: | Trac Release: | 0.11 |
Description
If a user without SENSITIVE_VIEW permissions opens a sensitive ticket, then they do not have permission to view the ticket they just opened, and they are mysteriously redirected back to the new ticket form with no error message, and no indication that the ticket was successfully opened (even though it was).
Attachments (2)
Change History (6)
comment:1 Changed 13 years ago by
Changed 13 years ago by
| Attachment: | 7114.patch added |
|---|
patch that enables some options: allow_reporter, allow_cc (both of which default to false) and allow_owner (defaults to true)
Changed 13 years ago by
| Attachment: | 7114.2.patch added |
|---|
revised patch which also adds limit_sensitivity option to prevent people from setting sensitivity on tickets they won't have access to.
comment:3 Changed 13 years ago by
| Keywords: | newticket success feedback added |
|---|---|
| Owner: | changed from obs to Daniel Kahn Gillmor |
assign to current maintainer now
comment:4 Changed 13 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
This should be closed as of r11287
Note: See
TracTickets for help on using
tickets.
Yes, this is a concern. Perhaps the reporter should be allowed access as well as people with SENSITIVE_VIEW. Or maybe anyone in the Cc field as well?