[#3789] pick up number for guest ,if without read permission
Summary pick up number for guest ,if without read permission
Queue Whups
Type Enhancement
State Accepted
Priority 1. Low
Owners
Requester david@tmv.gov.tw
Created 2006-04-19 (4985 days ago)
Due
Updated 2007-09-29 (4457 days ago)
Assigned
Resolved
Milestone
Patch No

Comments
david@tmv.gov.tw 2006-04-19 00:47:33
Follow up ticket 3630

> If have a queue where guests have the rights "Show" and "Edit", but 
> not "Read"



> So they are able to report something, but not to read the content 
> afterwards. On this way it is possible to *report critical content* 
> that should not be accessible by anyone.



How about send guest a pick-up number in the first notification 
message,so they can read ticket's history ,if guest just have Show and 
Edit permission.



Chuck Hagenbuch <chuck@horde.org> 2006-04-19 04:41:09
What would the pick-up number link to?



One problem is that SHOW permission means you can see an object 
exists, but not what it is (more or less - times for calendar events 
but not titles, etc.). How would having SHOW let someone see 
information about a ticket, using that understanding of SHOW?

Jan Schneider <jan@horde.org> 2006-04-19 06:51:55
Yes, the permissions should be opposite. E.g. if the user has read but 
not show permissions, he will get the regular notification message and 
can access the ticket through the url, but it won't show up in any bug 
listings.

This won't keep any anonymous user from trying several bug number 
manually though, so it's only obfuscation by hiding.

david@tmv.gov.tw 2006-04-19 16:02:13
Here is my thought about this issue:

First,the ticket did not realy created into system until guest confirm 
by the url or pick-up number given in the first notification.This is 
for verify guest's mail address.



Second,those who can provide corrct pick-up number or url,system will 
treat them as CREATOR not GUEST only for that ticket.



David