Open
Bug 545176
Opened 14 years ago
Updated 9 years ago
allow everybody to set the private flag, not just members of insider group
Categories
(Bugzilla :: Attachments & Requests, enhancement)
Tracking
()
NEW
People
(Reporter: luca, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; it; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 Build Identifier: Firefox 3.5.7 According to http://www.bugzilla.org/features/#private the current way "private comments/attachments" works is: --- If you are in the "insider group," you can mark certain attachments and comments as private, and then they will be invisible to users who are not in the insider group. --- This is not flexible enough for us: we want our users to be able to mark their comments/attachments as private, but they must not be able to view private comments/attachments sent by other users. Previously it was possible to mark comments/attachments as private without being in the insidergroup. Am I missing something? To achieve maximum flexibility, it would be great to have two separated groups: one which has the privilege to set the private flag and one which has the privilege to read anything with the private flag. The author of a private comment/attachment should be always able to view it, regardless of the flags. Reproducible: Always
Reporter | ||
Updated•14 years ago
|
Summary: unable to set attachments as private by default → allow everybody to set the private flag, not just members of insider group
Comment 1•14 years ago
|
||
Isn't it enough to restrict the bug itself to a group?
Severity: minor → enhancement
OS: Linux → All
Hardware: x86 → All
Version: unspecified → 3.4.5
Reporter | ||
Comment 2•14 years ago
|
||
The text of the bug report shall be public (so that we don't get too many duplicate bugs), just the attachment shall be private. Attachments usually contain sensitive information.
Comment 3•14 years ago
|
||
(In reply to comment #0) > Previously it was possible to mark comments/attachments as private without > being in the insidergroup. > > Am I missing something? Perhaps that was a local customization, because that was never possible. I certainly see the use case for your organization, but in general we're pretty opposed to allowing people to do things that they can't undo. Perhaps we should always allow comment authors and attachment creators to see their own private things--that would handle the problem.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•14 years ago
|
||
(In reply to comment #3) > should always allow comment authors and attachment creators to see their own > private things--that would handle the problem. Attachment creators can always see their own attachments.
You need to log in
before you can comment on or make changes to this bug.
Description
•