New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for #1037 myTickets now honours permissions #1040

Merged
merged 1 commit into from Apr 5, 2016

Conversation

Projects
None yet
3 participants
@paulsputer
Collaborator

paulsputer commented Apr 4, 2016

Ticket search results are now only displayed if user has view rights to the repository.

This also corrects the handling of tickets that were created by, watched by, assigned to or mentions a user that no longer has view rights.

@paulsputer

This comment has been minimized.

Show comment
Hide comment
@paulsputer

paulsputer Apr 4, 2016

Collaborator

@gitblit we may want to consider a minor release for this change as it fixes a potential information leak. What do you think?

Collaborator

paulsputer commented Apr 4, 2016

@gitblit we may want to consider a minor release for this change as it fixes a potential information leak. What do you think?

@gitblit

This comment has been minimized.

Show comment
Hide comment
@gitblit

gitblit Apr 5, 2016

Owner

I can spin up a release whenever you think it's needed, but based on what has merged into master I would probably bump it to 1.8.0.

Owner

gitblit commented Apr 5, 2016

I can spin up a release whenever you think it's needed, but based on what has merged into master I would probably bump it to 1.8.0.

@paulsputer

This comment has been minimized.

Show comment
Hide comment
@paulsputer

paulsputer Apr 5, 2016

Collaborator

Ok thanks, in that case I'll get a few small changes sorted and list them in a 1.8.0 prep ticket

Collaborator

paulsputer commented Apr 5, 2016

Ok thanks, in that case I'll get a few small changes sorted and list them in a 1.8.0 prep ticket

@paulsputer paulsputer merged commit 6ecf390 into master Apr 5, 2016

@paulsputer paulsputer deleted the 1037-EnforcePermissionsForTickets branch Apr 7, 2016

@fzs fzs modified the milestone: 1.8.0 Mar 18, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment