Private ticket permission users can get ticket counts that include tickets they're not allowed to view
|Reported by:||jevans||Owned by:|
|Cc:||osimons, stephen.compall@…, trac-dev@…, comlock@…, hh@…, jschulz@…, felix.schwarz@…|
A user with private tickets permissions can still query how many tickets meet criteria even if they can't see the tickets listed or view them.
For instance they can type in query?status=!closed&priority=critical to get a count of how many critical defects are open.
I originally wrote this ticket on the PrivateTicketsPlugin (#3674) but heard that it's a problem in Trac core.
Change History (15)
comment:3 Changed 5 years ago by cboos
- Component changed from general to report system
- Keywords query added
- Milestone set to 0.12