#1396 closed enhancement (fixed)
Disable anonymous access for closing bugs
Reported by: | ludde | Owned by: | Jonas Borgström |
---|---|---|---|
Priority: | normal | Milestone: | 0.9 |
Component: | ticket system | Version: | devel |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description (last modified by )
Anonymous users should not be able to resolve bugs. Support for closing bugs has to have permissions.
Attachments (3)
Change History (9)
comment:1 by , 20 years ago
Description: | modified (diff) |
---|---|
Priority: | highest → normal |
Severity: | critical → enhancement |
comment:2 by , 20 years ago
In many environments, it's okay to allow anonymous users to resolve tickets (for example, the typical "ah, my mistake" follow-up).
So there could be an additional TICKET_RESOLVE
permission that would be granted to anonymous by default, but could easily be restricted to authenticated users.
comment:3 by , 20 years ago
How about a system like in the php bugtracker, where the bug reporter can specify a password and with this password change the status. Then you can disallow anonymous users to resolve a bug.
(btw: anonymous users should not be allowed to accept a ticket, too)
by , 20 years ago
Attachment: | TicketClosePermissions.diff added |
---|
Patch for fine grained ticket permissions
comment:4 by , 20 years ago
Added a diff attachment with support for more fine-grained permissions.
These are the new permissions:
- TICKET_EDIT - Allow editing of ticket properties
- TICKET_RESOLVE - Allow closing tickets
- TICKET_APPEND - Only allow appending comments to the ticket
- TICKET_ATTACH - Allow attaching files
This patch also implements #1211
by , 20 years ago
Attachment: | TicketClosePermissions-r1496.diff added |
---|
by , 20 years ago
Attachment: | TicketClosePermissions-r1496.2.diff added |
---|
comment:6 by , 20 years ago
Milestone: | → 0.9 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Merged in [1516].
See also #1211.