[allura:tickets] #7560 Avoid weird permissions when anonymous creates a private ticket

[Dave Brondsema <br...@users.sf.net>]

- **labels**: ux, bitesize --> ux, bitesize, 42cc
- **status**: open --> in-progress
- **assigned_to**: Igor Bondarenko



---

** [tickets:#7560] Avoid weird permissions when anonymous creates a private ticket**

**Status:** in-progress
**Milestone:** forge-backlog
**Labels:** ux bitesize 42cc 
**Created:** Thu Jul 10, 2014 06:08 PM UTC by Dave Brondsema
**Last Updated:** Thu Jul 10, 2014 06:12 PM UTC
**Owner:** Igor Bondarenko

In the `_set_private` method, the creator of a ticket gets read rights to the ticket.  But if that is an anonymous user, then the ticket is readable by everyone.  To avoid that situation altogether, we could prompt them if they try to mark as private, and notify that they will need to login to make a private ticket.


---

Sent from sourceforge.net because dev@allura.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.