View Issue Details

IDProjectCategoryView StatusLast Update
0019944mantisbtauthorizationpublic2016-07-14 00:54
Reporterbadfiles Assigned To 
PrioritylowSeverityminorReproducibilityalways
Status confirmedResolutionopen 
Product Version1.3.0-beta.2 
Summary0019944: Redirect loop when user is not allowed to view bugs.
Description

if $g_view_bug_threshold is higher than logged-in-user's access level, most browsers detect redirect loop on most pages.

TagsNo tags attached.

Activities

vboctor

vboctor

2015-08-15 01:09

manager   ~0051257

What would the user be able to do if their access level is below view bug threshold? I'm inclined to reduce the severity of this issue since I'm not sure it is a realistic situation.

atrol

atrol

2015-08-15 15:14

developer   ~0051264

I'm inclined to reduce the severity of this issue
+1

vboctor

vboctor

2015-08-16 17:13

manager   ~0051272

Reduced severity to minor and priority to low. Now the next question is whether this is worth fixing vs. closing as won't fix.

dregad

dregad

2015-08-17 03:20

developer   ~0051276

@badfiles, could you maybe describe the use case scenario for having a user's access level below $g_view_bug_threshold ?

badfiles

badfiles

2015-08-17 17:42

reporter   ~0051289

I found this bug trying to find a way to allow guests reporting, but disallow them to see reported bugs, even if they reported it, so only registered users could see reported bugs.
But this case seems to be unavailable with Mantis out-of-box.

Private bugs are still visible for reporters, viewing may not be disabled,
above this logged in anonymous and not logged in anonymous see different pages.