Context Navigation

Modify ↓

#9179 closed defect (fixed)

Hidden fields are lost for anonymous ticket creation

Reported by:	james.e.harrison@…	Owned by:	Rob Guttman
Priority:	low	Component:	DynamicFieldsPlugin
Severity:	normal	Keywords:
Cc:		Trac Release:	0.12

Description

If ticket policy allows anonymous ticket creation and viewing, but not modification, then all fields that should be hidden can be visible at the wrong time.

post_process_request() in web_ui.py requires TICKET_MODIFY to add the scripts to the page.

One fix for this would be the following:

def post_process_request(self, req, template, data, content_type):
        if ((req.path_info.startswith('/ticket') \
           and req.perm.has_permission('TICKET_VIEW'))
          or (req.path_info.startswith('/newticket') \
           and req.perm.has_permission('TICKET_CREATE')) \
          or (req.path_info.startswith('/query') \
           and req.perm.has_permission('REPORT_VIEW'))):

This, of course assumes that anyone who has TICKET_MODIFY also has TICKET_VIEW and TICKET_CREATE, which is not necessarily true in Trac 0.12...

Simply appending the script to all /ticket, /newticket, and /query pages may be the easiest fix :)

Attachments (0)

Change History (3)

comment:1 Changed 14 years ago by Rob Guttman

(In [11001]) refs #9179: enhanced permissions for anonymous users

comment:2 Changed 14 years ago by Rob Guttman

Resolution:	→ fixed
Status:	new → closed

Done.

comment:3 Changed 14 years ago by james.e.harrison@…

Thanks!!!

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Rob Guttman.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: