allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brondsema" <>
Subject [allura:tickets] #7560 Avoid weird permissions when anonymous creates a private ticket
Date Mon, 11 Aug 2014 17:45:42 GMT
- **labels**: ux, bitesize --> ux, bitesize, 42cc
- **status**: open --> in-progress
- **assigned_to**: Igor Bondarenko


** [tickets:#7560] Avoid weird permissions when anonymous creates a private ticket**

**Status:** in-progress
**Milestone:** forge-backlog
**Labels:** ux bitesize 42cc 
**Created:** Thu Jul 10, 2014 06:08 PM UTC by Dave Brondsema
**Last Updated:** Thu Jul 10, 2014 06:12 PM UTC
**Owner:** Igor Bondarenko

In the `_set_private` method, the creator of a ticket gets read rights to the ticket.  But
if that is an anonymous user, then the ticket is readable by everyone.  To avoid that situation
altogether, we could prompt them if they try to mark as private, and notify that they will
need to login to make a private ticket.


Sent from because is subscribed to

To unsubscribe from further messages, a project admin can change settings at
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message