Hi, Gio. Thanks for pointing this out. Browse permission for anonymous users is normal for most of our work, as we document much of our work and decisions in public.
It took longer to untangle the other and understand more of what's going on, but as far as I can see, anonymous users don't really use or need permission to transition issues. Viewing various issues without logging in, I haven't yet found an issue where I can anonymously transition an issue. Looking at the workflow used by the GPII project (and most other projects), I see that most of the transitions have associated conditions which check for additional permissions beyond simply being able to transition the issue. So, even though an anonymous user theoretically has permission, in practice it really seems like they can't use that permission in most projects. The UX project is the only project where I can see anonymous users transitioning issues. I can see that project uses its own permission scheme, which does not grant permission to transition issues to anonymous users. They somehow are transitioning issues anonymously without that permission (I suspect a plugin of some kind, as they do give the "automation" group permission). Since no one seems to actually need that permission, I would suggest removing anonymous users' permission to transition issues from the default permission scheme used by the GPII project. I am copying the architecture team for wider input, if there are no objections I will make this change later in the week. Cheers, Tony On 22 June 2018 at 19:59, Tirloni, Giovanni <[email protected]> wrote: > Hello, > > While acessing the GPII JIRA, I noticed hundreds of status updates by an > anonymous user, like this one: > > https://issues.gpii.net/browse/UX-37 > > It seems that the "Anyone" group has access to transition and browse > issues in various permission schemas: > > https://issues.gpii.net/secure/admin/ViewPermissionSchemes.jspa > > Just a heads up in case this isn't expected. > > Regards, > Giovanni > _______________________________________________ > [email protected] > https://lists.gpii.net/mailman/listinfo/infrastructure >
_______________________________________________ Architecture mailing list [email protected] https://lists.gpii.net/mailman/listinfo/architecture
