Fix for #1037 myTickets now honours permissions #1040

merged 1 commit into from Apr 5, 2016




Ticket search results are now only displayed if the user has view rights to the repository.

This also corrects the handling of tickets that were created by, watched by, assigned to or mention a user that no longer has view rights.


@gitblit we may want to consider a minor release for this change as it fixes a potential information leak. What do you think?
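The behaviour described above, as an added example that is not part of the pull request and is not Gitblit's code: a "my tickets" query that trusts the index alone, beside one that re-checks each hit against the user's current view rights. `Ticket`, `Acl` and both query methods are hypothetical names, and the sample data is constructed.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

public class MyTicketsFilter {
    // Hypothetical index entry: one ticket plus the users involved with it.
    record Ticket(String repository, long number, String createdBy,
                  String assignedTo, Set<String> watchers, Set<String> mentions) {
        boolean involves(String user) {
            return user.equals(createdBy) || user.equals(assignedTo)
                    || watchers.contains(user) || mentions.contains(user);
        }
    }

    // Hypothetical ACL: repository name -> users who currently hold view rights.
    record Acl(Map<String, Set<String>> viewers) {
        boolean canView(String user, String repository) {
            return viewers.getOrDefault(repository, Set.of()).contains(user);
        }
    }

    // Before: involvement recorded in the index alone decides what is listed,
    // so a user whose access was revoked still sees the ticket.
    static List<Ticket> myTicketsUnchecked(List<Ticket> index, String user) {
        return index.stream().filter(t -> t.involves(user)).toList();
    }

    // After: every hit is also checked against the user's current view rights.
    static List<Ticket> myTickets(List<Ticket> index, Acl acl, String user) {
        return index.stream()
                .filter(t -> t.involves(user))
                .filter(t -> acl.canView(user, t.repository()))
                .toList();
    }

    public static void main(String[] args) {
        // Constructed sample data: alice no longer has view rights on secret.git
        // but is still assignee, watcher or mentioned on its tickets.
        List<Ticket> index = List.of(
                new Ticket("public.git", 1, "alice", "bob", Set.of(), Set.of()),
                new Ticket("secret.git", 7, "bob", "alice", Set.of("alice"), Set.of()),
                new Ticket("secret.git", 9, "bob", "bob", Set.of(), Set.of("alice")));
        Acl acl = new Acl(Map.of("public.git", Set.of("alice", "bob"),
                                 "secret.git", Set.of("bob")));
        System.out.println("unchecked: " + myTicketsUnchecked(index, "alice"));
        System.out.println("checked:   " + myTickets(index, acl, "alice"));
    }
}
```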

gitblit commented Apr 5, 2016

I can spin up a release whenever you think it's needed, but based on what has merged into master I would probably bump it to 1.8.0.


Ok thanks, in that case I'll get a few small changes sorted and list them in a 1.8.0 prep ticket.

@paulsputer paulsputer merged commit 6ecf390 into master Apr 5, 2016
@paulsputer paulsputer deleted the 1037-EnforcePermissionsForTickets branch Apr 7, 2016