Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for #1037 myTickets now honours permissions #1040

Merged
merged 1 commit into from Apr 5, 2016

Conversation

paulsputer
Copy link
Collaborator

Ticket search results are now only displayed if user has view rights to the repository.

This also corrects the handling of tickets that were created by, watched by, assigned to or mentions a user that no longer has view rights.

@paulsputer
Copy link
Collaborator Author

@gitblit we may want to consider a minor release for this change as it fixes a potential information leak. What do you think?

@gitblit
Copy link
Collaborator

gitblit commented Apr 5, 2016

I can spin up a release whenever you think it's needed, but based on what has merged into master I would probably bump it to 1.8.0.

@paulsputer
Copy link
Collaborator Author

Ok thanks, in that case I'll get a few small changes sorted and list them in a 1.8.0 prep ticket

@paulsputer paulsputer merged commit 6ecf390 into master Apr 5, 2016
@paulsputer paulsputer deleted the 1037-EnforcePermissionsForTickets branch April 7, 2016 18:07
@flaix flaix modified the milestone: 1.8.0 Mar 18, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants