Also need to handle when anonymous creates a (public) ticket and an admin later needs to set it private. The admin should be able to do that, and the owner (anonymous) shouldn't have any read rights any more.
--- ** [tickets:#7560] Avoid weird permissions when anonymous creates a private ticket** **Status:** open **Milestone:** forge-backlog **Labels:** ux bitesize **Created:** Thu Jul 10, 2014 06:08 PM UTC by Dave Brondsema **Last Updated:** Thu Jul 10, 2014 06:08 PM UTC **Owner:** nobody In the `_set_private` method, the creator of a ticket gets read rights to the ticket. But if that is an anonymous user, then the ticket is readable by everyone. To avoid that situation altogether, we could prompt them if they try to mark as private, and notify that they will need to login to make a private ticket. --- Sent from sourceforge.net because [email protected] is subscribed to https://sourceforge.net/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
