Hi, Alfredo: It seems like you already made the change I was proposing. As far as I can see this is safe, but anyone reading this, do comment if you experience problems.
Cheers, Tony On 25 June 2018 at 12:04, Tony Atkins <[email protected]> wrote: > Hi, Gio. > > Thanks for pointing this out. Browse permission for anonymous users is > normal for most of our work, as we document much of our work and decisions > in public. > > It took longer to untangle the other and understand more of what's going > on, but as far as I can see, anonymous users don't really use or need > permission to transition issues. > > Viewing various issues without logging in, I haven't yet found an issue > where I can anonymously transition an issue. Looking at the workflow used > by the GPII project (and most other projects), I see that most of the > transitions have associated conditions which check for additional > permissions beyond simply being able to transition the issue. So, even > though an anonymous user theoretically has permission, in practice it > really seems like they can't use that permission in most projects. > > The UX project is the only project where I can see anonymous users > transitioning issues. I can see that project uses its own permission > scheme, which does not grant permission to transition issues to anonymous > users. They somehow are transitioning issues anonymously without that > permission (I suspect a plugin of some kind, as they do give the > "automation" group permission). > > Since no one seems to actually need that permission, I would suggest > removing anonymous users' permission to transition issues from the default > permission scheme used by the GPII project. I am copying the architecture > team for wider input, if there are no objections I will make this change > later in the week. > > Cheers, > > > > Tony > > On 22 June 2018 at 19:59, Tirloni, Giovanni <[email protected]> wrote: > >> Hello, >> >> While acessing the GPII JIRA, I noticed hundreds of status updates by >> an anonymous user, like this one: >> >> https://issues.gpii.net/browse/UX-37 >> >> It seems that the "Anyone" group has access to transition and browse >> issues in various permission schemas: >> >> https://issues.gpii.net/secure/admin/ViewPermissionSchemes.jspa >> >> Just a heads up in case this isn't expected. >> >> Regards, >> Giovanni >> _______________________________________________ >> [email protected] >> https://lists.gpii.net/mailman/listinfo/infrastructure >> > >
_______________________________________________ Architecture mailing list [email protected] https://lists.gpii.net/mailman/listinfo/architecture
