[#3789] pick up number for guest ,if without read permission
Summary pick up number for guest ,if without read permission
Queue Whups
Type Enhancement
State Accepted
Priority 1. Low
Requester david (at) tmv (dot) gov (dot) tw
Created 2006-04-19 (5702 days ago)
Updated 2007-09-29 (5174 days ago)
Patch No

2007-09-29 02:28:22 Chuck Hagenbuch State ⇒ Accepted
2006-07-20 19:17:44 Chuck Hagenbuch State ⇒ New
2006-04-19 16:02:13 david (at) tmv (dot) gov (dot) tw Comment #4 Reply to this comment
Here is my thought about this issue:

First,the ticket did not realy created into system until guest confirm 
by the url or pick-up number given in the first notification.This is 
for verify guest's mail address.

Second,those who can provide corrct pick-up number or url,system will 
treat them as CREATOR not GUEST only for that ticket.

2006-04-19 06:51:55 Jan Schneider Comment #3 Reply to this comment
Yes, the permissions should be opposite. E.g. if the user has read but 
not show permissions, he will get the regular notification message and 
can access the ticket through the url, but it won't show up in any bug 

This won't keep any anonymous user from trying several bug number 
manually though, so it's only obfuscation by hiding.
2006-04-19 04:41:09 Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
What would the pick-up number link to?

One problem is that SHOW permission means you can see an object 
exists, but not what it is (more or less - times for calendar events 
but not titles, etc.). How would having SHOW let someone see 
information about a ticket, using that understanding of SHOW?
2006-04-19 00:47:33 david (at) tmv (dot) gov (dot) tw Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ pick up number for guest ,if without read permission
Queue ⇒ Whups
Reply to this comment
Follow up ticket 3630
If have a queue where guests have the rights "Show" and "Edit", but 
not "Read"
So they are able to report something, but not to read the content 
afterwards. On this way it is possible to *report critical content* 
that should not be accessible by anyone.
How about send guest a pick-up number in the first notification 
message,so they can read ticket's history ,if guest just have Show and 
Edit permission.

Saved Queries