Opened 14 years ago
Closed 13 years ago
#8870 closed defect (fixed)
Field permissions ignored in timeline
Reported by: | ronino | Owned by: | Russ Tyndall |
---|---|---|---|
Priority: | normal | Component: | TimingAndEstimationPlugin |
Severity: | normal | Keywords: | waiting-for-feedback |
Cc: | Trac Release: | 0.12 |
Description
I configured my Trac to not expose timing data to users without TIME_VIEW permission (with TIME_VIEW:remove in trac.ini). But in the timeline, those users still see that those fields have been changed (unlike in the ticket changelog where those information are hidden).
For example, the user can read in some timeline ticket change entry:
Add Hours to Ticket, Total Hours changed
In my opinion, those information should be removed from the timeline in those circumstances, otherwise those users wonder what those entries mean.
Attachments (0)
Change History (6)
comment:1 Changed 14 years ago by
Status: | new → assigned |
---|
comment:2 Changed 14 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
My guess is that these were not on the timeline in an earlier version of trac, or perhaps they were just missed since they had no data. Either way I just pushed a new version 1.1.6b that should correctly remove fields from the timeline for you.
Thanks for the bug report
comment:3 Changed 14 years ago by
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Man, you are fast as opposed to me ;-). Thanks again.
I installed the new version, but unfortunately, the timeline didn't change. Assuming that it maybe has to due with my using German as default language, I reset the labels to your strings and set English as frontend language, but changes of timing data fields are still visible for users without TIME_VIEW permission.
When installing the upgrade, I simply replaced the old plugin folder with the new one and restarted Apache. Did I miss something?
comment:4 Changed 14 years ago by
You might need to enable the TimelinePermissionFilter in webadmin trac.ini depending on how you have stuff setup. If it is setup and enabled you should see "Timeline Filter" events in your trac debug log, whether or not it was working.
I dont think the label should change anything as we are using the value specified in the ini. It worked for me but it is definitely possible I missed something.
comment:5 Changed 13 years ago by
Keywords: | waiting-for-feedback added |
---|
comment:6 Changed 13 years ago by
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Going to go ahead and close, if this is still a bug, please reopen.
It is definitely the intention that the timeline hide those details from users without permissions to them. Looking into this now.