Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for #1037 myTickets now honours permissions #1040

Merged
merged 1 commit into from Apr 5, 2016

Conversation

@paulsputer
Copy link
Collaborator

paulsputer commented Apr 4, 2016

Ticket search results are now only displayed if user has view rights to the repository.

This also corrects the handling of tickets that were created by, watched by, assigned to or mentions a user that no longer has view rights.

@paulsputer
Copy link
Collaborator Author

paulsputer commented Apr 4, 2016

@gitblit we may want to consider a minor release for this change as it fixes a potential information leak. What do you think?

@gitblit
Copy link
Owner

gitblit commented Apr 5, 2016

I can spin up a release whenever you think it's needed, but based on what has merged into master I would probably bump it to 1.8.0.

@paulsputer
Copy link
Collaborator Author

paulsputer commented Apr 5, 2016

Ok thanks, in that case I'll get a few small changes sorted and list them in a 1.8.0 prep ticket

@paulsputer paulsputer merged commit 6ecf390 into master Apr 5, 2016
@paulsputer paulsputer deleted the 1037-EnforcePermissionsForTickets branch Apr 7, 2016
@flaix flaix modified the milestone: 1.8.0 Mar 18, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.