View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008439 | mantisbt | public | 2007-10-03 03:51 | 2015-03-19 04:46 | |
| Reporter | CADbloke | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Platform | any | ||||
| Product Version | 1.1.0a4 | ||||
| Summary | 0008439: email to reporter on admin update includes related task that reporter is not authorised to see | ||||
| Description | Updated a ticket in an unrestricted project to be a child of another issue in a private project, inaccessible to the reporter of the updated ticket. Email to reporter included relationship summary and "child of" and the issue number of the issue they don't have access to. Note - the user cannot access the issue but they are aware of the presence of another issue which they don't have access to. Not a deal breaker for me. | ||||
| Steps To Reproduce |
| ||||
| Additional Information | Probably need to add code to email sending module to verify that recipient has rights to the information they are getting. This could only be implemented if Mantis sends individual emails to each recipient for an incident / update. | ||||
| Tags | No tags attached. | ||||
