#3466: Restrict users from seeing tickets that are not their own
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jonas
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: ticket system | Version: 0.9.6
Severity: normal | Keywords:
----------------------------------------+-----------------------------------
We'd like to prohibit users from seeing tickets that they did not report.
(Obviously, some users with proper permissions would need to be exempt
from this rule.)
I believe that this can be done if users come through the reporting
facility by disallowing users to create their own custom queries and
offering only queries which contain SQL statements to the desired effect.
However, as far as I see, this will not prevent users from looking up
tickets directly with the proper URL.
Would there be an easy way to implement such a privilege?
--
Ticket URL: <http://trac.edgewall.org/ticket/3466>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
