Edgewall Software

Opened 13 years ago

Last modified 15 months ago

#8605 new enhancement

Allow non-authenticated users to replace their attachments

Reported by: Remy Blank Owned by:
Priority: normal Milestone: next-major-releases
Component: attachment Version: 0.12dev
Severity: normal Keywords: needmajor
Cc: Ryan J Ollos Branch:
Release Notes:
API Changes:
Internal Changes:


#8592 fixed replacing attachments for authenticated users. Non-authenticated users are currently denied replacing any attachments, unless they have ATTACHMENT_DELETE permission.

The goal of this enhancement is to allow non-authenticated users to replace their own attachments, without having ATTACHMENT_DELETE permission. The main use case is to allow correcting a bad upload shortly after the fact. This comment gives a possible solution, by structuring the author field as anonymous:<session_id> for unauthenticated users.

Removing one's own attachments could be enabled in the same way.

Attachments (0)

Change History (6)

comment:1 by Ryan Ollos <ryano@…>, 13 years ago

Cc: ryano@… added

comment:2 by Christian Boos, 13 years ago

Keywords: needmajor added

comment:3 by Christian Boos, 13 years ago

Milestone: 0.12next-major-0.1X

I don't see that happen for 0.12, unfortunately.

comment:4 by Carsten Klein <carsten.klein@…>, 13 years ago

This will break as soon as the session id changes.

See 1890#86 for a proposal on verifying email addresses registered with the session.

That way, the reporter can remain the same, and it will also be session agnostic in that the reporter can always regain the same preferences once the cookie was lost, simply by re-verifying.

comment:6 by Ryan J Ollos, 8 years ago

Cc: Ryan J Ollos added; ryano@… removed

comment:7 by Ryan J Ollos, 8 years ago

Owner: Remy Blank removed

Modify Ticket

Change Properties
Set your email in Preferences
as new The ticket will remain with no owner.
The ticket will be disowned.
as The resolution will be set. Next status will be 'closed'.
The owner will be changed from (none) to anonymous. Next status will be 'assigned'.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.