allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brondsema" <>
Subject [allura:tickets] #7560 Avoid weird permissions when anonymous creates a private ticket
Date Wed, 24 Sep 2014 14:26:47 GMT
- **status**: code-review --> closed
- **QA**: Dave Brondsema
- **Milestone**: forge-backlog --> forge-oct-3


** [tickets:#7560] Avoid weird permissions when anonymous creates a private ticket**

**Status:** closed
**Milestone:** forge-oct-3
**Labels:** ux bitesize 42cc 
**Created:** Thu Jul 10, 2014 06:08 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 18, 2014 11:42 AM UTC
**Owner:** Igor Bondarenko

In the `_set_private` method, the creator of a ticket gets read rights to the ticket.  But
if that is an anonymous user, then the ticket is readable by everyone.  To avoid that situation
altogether, we could prompt them if they try to mark as private, and notify that they will
need to login to make a private ticket.


Sent from because is subscribed to

To unsubscribe from further messages, a project admin can change settings at
 Or, if this is a mailing list, you can unsubscribe from the mailing list.
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message