Opened 5 years ago

Closed 5 years ago

#2122 closed change (rejected)

[trac issues 1] limit interface users to only see their reported issues

Reported by: philll
Assignee: philll
Priority: Unknown
Milestone:
Module: Infrastructure
Keywords:
Cc:
Blocked By:
Blocking:
Platform: Unknown
Ready: no
Confidential: no
Tester:
Verified working: no
Review URL(s):

Description (last modified by philll)


User accounts of our issue tracker issues1 currently see all issues independent of the user who reported them. As there is no way to have separated editing permissions in Trac, they can as well edit them. While this is fine for real users, it raises the probability of accounts used for automated import interfaces to mess with unrelated issues.

Implementation suggestions

We can reuse the PrivateTicketsPlugin that is already installed for usage in our order system to do so.

What to change

In the issue tracker at issues 1, limit interface users to only see their reported issues

Change History (4)

comment:1 Changed 5 years ago by philll

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:2 Changed 5 years ago by philll

  • Description modified (diff)

comment:3 Changed 5 years ago by philll

  • Status changed from reviewing to reopened
  • Verified working unset

It turned out that my approach breaks the functionality of the SensitiveTicketsPlugin by overwriting its permission policy. Putting all policy checks in one line, as actually designed by Trac, however raises the recursion loop described at

comment:4 Changed 5 years ago by philll

  • Resolution set to rejected
  • Status changed from reopened to closed

Resolving this would require patching the plugins or Trac itself, both of which would lead to severe maintenance effort, which we currently cannot provide.
