Modify

Opened 18 years ago

Closed 18 years ago

#920 closed defect (fixed)

Private tickets still viewable via "Download in other formats"

Reported by: Marcel <marcel@…> Owned by: Noah Kantrowitz
Priority: high Component: PrivateTicketsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

First of all, compliments for this plugin. It's actually something I've been searching for quite some time now, because our company would like to set up a test-installation of Trac as a bug/support platform for our customers. Obviously, we wouldn't want customer X looking into the tickets of customer Y.

Anyway, I was testing it a bit, and while watching a list of my own tickets (viewing the "All Active Tickets" report), I tried clicking the "Tab-delimited Text" link on the bottom of the page, to see what would happen. Unfortunately, in that file I just get a list of all available tickets, including all tickets reported by other users.

Can you fix this, so that the "Other format"-links take your TICKET_VIEW_* permissions into account? That way, the Comma- and Tab-delimited files would only display the tickets a user is permitted to see. If that's a no-go, can I somehow disable those links, or disable the feature in Trac?

Thanks in advance for your efforts!

Marcel.

Attachments (0)

Change History (7)

comment:1 Changed 18 years ago by tlipp@…

Priority: normalhigh

hi, like the idea of your plugin. As mentioned above disabling downloading all tickets instead of the private tickets only is important to me either. We would like to use Trac for our customers and they should only see what they have reported. Thanks for your work. Best regards, Toni

comment:2 Changed 18 years ago by Noah Kantrowitz

(In [1609]) Filter other formats on queries. (refs #920)

comment:3 Changed 18 years ago by Rainer Sokoll

I second that.

Rainer

comment:4 Changed 18 years ago by duanestark@…

Love the plugin!

Any ETA when this will be resolved? It's the only thing holding us back from deploying to our clients.

If not, is there a known way to disable the feed links at the bottom? I'd rather just remove them from the time being, but cant find any documentation on how to do that.

Thanks!

comment:5 in reply to:  2 Changed 18 years ago by anonymous

Replying to coderanger:

(In [1609]) Filter other formats on queries. (refs #920)

Could you give an example of how to modify the codes to filter other formats on queries??

comment:6 in reply to:  2 Changed 18 years ago by anonymous

Replying to coderanger:

(In [1609]) Filter other formats on queries. (refs #920)

This fix doesn't seem to work. The other formats still show all tickets.

comment:7 Changed 18 years ago by Noah Kantrowitz

Resolution: fixed
Status: newclosed

(In [2115]) Block access to tab and csv formatted reports. (closes #920)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Noah Kantrowitz.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

AttachmentsDescription
 
Note: See TracTickets for help on using tickets.