Opened 15 years ago
Last modified 3 years ago
#8605 new enhancement
Allow non-authenticated users to replace their attachments
| Reported by: | Remy Blank | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | next-major-releases |
| Component: | attachment | Version: | 0.12dev |
| Severity: | normal | Keywords: | needmajor |
| Cc: | Ryan J Ollos | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
#8592 fixed replacing attachments for authenticated users. Non-authenticated users are currently denied replacing any attachments, unless they have ATTACHMENT_DELETE permission.
The goal of this enhancement is to allow non-authenticated users to replace their own attachments, without having ATTACHMENT_DELETE permission. The main use case is to allow correcting a bad upload shortly after the fact. This comment gives a possible solution, by structuring the author field as anonymous:<session_id> for unauthenticated users.
Removing one's own attachments could be enabled in the same way.
Attachments (0)
Change History (6)
comment:1 by , 15 years ago
| Cc: | added |
|---|
comment:2 by , 14 years ago
| Keywords: | needmajor added |
|---|
comment:3 by , 14 years ago
| Milestone: | 0.12 → next-major-0.1X |
|---|
comment:4 by , 14 years ago
This will break as soon as the session id changes.
See 1890#86 for a proposal on verifying email addresses registered with the session.
That way, the reporter can remain the same, and it will also be session agnostic in that the reporter can always regain the same preferences once the cookie was lost, simply by re-verifying.
comment:6 by , 10 years ago
| Cc: | added; removed |
|---|
comment:7 by , 9 years ago
| Owner: | removed |
|---|
I don't see that happen for 0.12, unfortunately.