#8846 closed defect (fixed)
TICKET_APPEND does not allow adding attachments to tickets
Reported by: | Owned by: | Christian Boos | |
---|---|---|---|
Priority: | normal | Milestone: | 0.11.6 |
Component: | web frontend | Version: | 0.11.5 |
Severity: | normal | Keywords: | ticket attachment permission |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
Hi,
I have a Trac setup where anonymous users have TICKET_CREATE and TICKET_APPEND permissions. With this setup, adding attachments should be possible, but the following line generates a redirect to an error page before adding attachments is possible. If the user additionally has TICKET_VIEW permissions, adding attachments works.
I'm not sure exactly why the line exists, since permissions seem to be checked fine without it? Maybe someone more knowledgable can help me out..
Removing the line as below results in the expected behavior (TICKET_APPEND allows adding attachments).
--- web_ui.py 2009-11-23 15:27:54.000000000 +0100 +++ web_ui.py.new 2009-11-23 15:43:37.000000000 +0100 @@ -980,7 +980,6 @@ def _do_create(self, req, ticket): ticket.insert() - req.perm(ticket.resource).require('TICKET_VIEW') # Notify try:
Attachments (0)
Change History (6)
comment:1 by , 15 years ago
comment:2 by , 15 years ago
comment:3 by , 15 years ago
comment:5 by , 15 years ago
Milestone: | → 0.11.6 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Done in [8856].
comment:6 by , 15 years ago
Owner: | set to |
---|
To summarize, in
web_ui.py
in _do_create
is called before
which AFAIK should NOT require TICKET_VIEW permissions.