Edgewall Software
Modify

Opened 18 years ago

Closed 17 years ago

Last modified 17 years ago

#4237 closed enhancement (duplicate)

Add a permission for reopening tickets

Reported by: Rakshasa Owned by: Jonas Borgström
Priority: normal Milestone:
Component: general Version: 0.10.2
Severity: normal Keywords: workflow permission
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

A lot of my ticket have been reopened due to spammers, and I'd like a way to disallow anonymous from reopening them. Although I realize it might would be a problem that users won't be able to reopen them, it's not as bad a problem as having all my tickets reopened by spammers even though I delete them with a script.

Attachments (0)

Change History (7)

comment:1 by anonymous, 18 years ago

One solution (though not ideal) is removing the TICKET_MODIFY permission for anonymous users.

comment:2 by anonymous, 18 years ago

Anonymous doesn't have TICKET_MODIFY permission, yet still they can reopen due to TICKET_APPEND.

comment:3 by Christopher Lenz, 18 years ago

The permission to reopen tickets is actually controlled by TICKET_CREATE (the logic being that reopening an existing ticket is similar to creating a new ticket). In retrospect, I'm not sure that was the right decision, but TICKET_MODIFY would be too restrictive and TICKET_APPEND too open.

Anyway, if you need spam control, I'd strongly suggest looking either into the SpamFilter plugin, or requiring registration using the th:AccountManagerPlugin.

comment:4 by Christian Boos, 18 years ago

Keywords: workflow permission added
Milestone: 0.11

This issue should probably be examined in the light of the recent/future changes concerning workflow and security.

comment:5 by Eli Carter, 18 years ago

WorkFlow allows you to specify permissions required to take each action on a ticket.

comment:6 by osimons <simon-code@…>, 17 years ago

Milestone: 0.11.10.11
Resolution: duplicate
Status: newclosed

Closing this as duplicate of #3902. It is essentially a variation on the same issue.

Use SpamFilter as a general spam-fighting solution, or else writing a custom security policy plugin will let you set your rules as you want them. For this exact issue it is a matter of checking to see if it is a TICKET_CREATE on a pre-existing ticket, and deny if anonymous.

comment:7 by Christian Boos, 17 years ago

Milestone: 0.11

(clearing the milestone field, as it's a duplicate)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.