Edgewall Software
Modify

Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#13076 closed defect (duplicate)

Showing clone button should be required TICKET_ADMIN

Reported by: Jun Omae Owned by:
Priority: normal Milestone:
Component: ticket system Version:
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Until 1.2-stable, showing clone button is required TICKET_ADMIN but, in trunk, the button is shown even for anonymous user.

TicketClone page describes that it requires at least TICKET_ADMIN level privileges.

Spammers create easily tickets via clone button. Annoying….

Attachments (0)

Change History (4)

comment:1 by Ryan J Ollos, 6 years ago

TICKET_ADMIN requirement was removed in r15436.

For some Trac instances requiring only TICKET_CREATE might be desirable.

Another idea, I suppose we could add a TICKET_CLONE permission.

comment:2 by Jun Omae, 6 years ago

In #10948, TICKET_CREATE or TICKET_CLONE permission to clone ticket is discussed but that is not fixed.

I think the removing TICKET_ADMIN from the requirement is a wrong.

comment:3 by Ryan J Ollos, 6 years ago

Milestone: 1.3.4
Resolution: duplicate
Status: newclosed

I'll rebase proposed changes in #10948 and review. That ticket is now targeted to milestone:1.3.4.

in reply to:  1 comment:4 by Jun Omae, 5 years ago

Replying to Ryan J Ollos:

For some Trac instances requiring only TICKET_CREATE might be desirable.

The clone button currently is required TICKET_MODIFY permission.

ticketclone.js inserts the clone button after Reply button (#addreply) in ticket description, however it is not rendered for the user without TICKET_MODIFY.

trac/ticket/templates/ticket_box.html:

196         function insertNearReplyToDescription(content, side) {
197           if (side === 'right') {
198             $("#ticket .description #addreply").before(content);
199           } else if (side === 'rightmost') {
200             $("#ticket .description > h2").after(content);
201           } else if (side === 'leftmost') {
202             $("#ticket .description").children(".searchable, br")
203               .before(content);
204           } else { // 'left'
205 =>          $("#ticket .description #addreply").after(content);
206           }
207         }

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.