Opened 15 years ago
Last modified 3 years ago
#8605 new enhancement
Allow non-authenticated users to replace their attachments
Reported by: | Remy Blank | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | next-major-releases |
Component: | attachment | Version: | 0.12dev |
Severity: | normal | Keywords: | needmajor |
Cc: | Ryan J Ollos | Branch: | |
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
#8592 fixed replacing attachments for authenticated users. Non-authenticated users are currently denied replacing any attachments, unless they have ATTACHMENT_DELETE
permission.
The goal of this enhancement is to allow non-authenticated users to replace their own attachments, without having ATTACHMENT_DELETE
permission. The main use case is to allow correcting a bad upload shortly after the fact. This comment gives a possible solution, by structuring the author
field as anonymous:<session_id>
for unauthenticated users.
Removing one's own attachments could be enabled in the same way.
Attachments (0)
Change History (6)
comment:1 by , 15 years ago
Cc: | added |
---|
comment:2 by , 15 years ago
Keywords: | needmajor added |
---|
comment:3 by , 15 years ago
Milestone: | 0.12 → next-major-0.1X |
---|
comment:4 by , 15 years ago
This will break as soon as the session id changes.
See 1890#86 for a proposal on verifying email addresses registered with the session.
That way, the reporter can remain the same, and it will also be session agnostic in that the reporter can always regain the same preferences once the cookie was lost, simply by re-verifying.
comment:6 by , 10 years ago
Cc: | added; removed |
---|
comment:7 by , 10 years ago
Owner: | removed |
---|
I don't see that happen for 0.12, unfortunately.