allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Igor Bondarenko" <>
Subject [allura:tickets] #7560 Avoid weird permissions when anonymous creates a private ticket
Date Mon, 18 Aug 2014 11:42:38 GMT
- **status**: in-progress --> code-review
- **Comment**:

Closed #630. `je/42cc_7560`


** [tickets:#7560] Avoid weird permissions when anonymous creates a private ticket**

**Status:** code-review
**Milestone:** forge-backlog
**Labels:** ux bitesize 42cc 
**Created:** Thu Jul 10, 2014 06:08 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 11, 2014 05:45 PM UTC
**Owner:** Igor Bondarenko

In the `_set_private` method, the creator of a ticket gets read rights to the ticket.  But
if that is an anonymous user, then the ticket is readable by everyone.  To avoid that situation
altogether, we could prompt them if they try to mark as private, and notify that they will
need to login to make a private ticket.


Sent from because is subscribed to

To unsubscribe from further messages, a project admin can change settings at
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message