View Issue Details

IDProjectCategoryView StatusLast Update
0022203mantisbtfeaturepublic2017-04-21 02:51
ReporterGunSmokerAssigned Tocommunity 
PrioritynormalSeverityfeatureReproducibilityN/A
Status assignedResolutionopen 
Product Version2.0.0 
Target VersionFixed in Version 
Summary0022203: Public / external access to tickets by unique URL
Description

Mantis should have a feature of allowing people to view tickets by known URL without having to log in. Currently, Mantis has anonymous access option, which does allow viewing without logging in. However, it does not allow you to control this behaviour per ticket.

The usage case is simple:

  1. You application posts a new bug to Mantis.
  2. You report an unique URL to user.
  3. User can open this URL and track progress of the bug (see its status, may be dev. comments, etc.).
  4. User should not be able to view other tickets (bugs) in this project or any other project.

This can be implemented by adding some random secret value ("token") to each ticket. If this value is present in URL - allow limited read access, otherwise - use normal access rules (cookies, anonymous access, etc.).

For example:
https://bugs.domain.com/view.php?id=631
https://bugs.domain.com/view.php?id=631&token=ya86EXROftHDXfAYG1eq

The first URL should block user unless he is logged in and has access to the project. The second URL should allow limited read access regardless of user being logged in or not.

A simplified front-end page may be added to implement this limited view. Also, a secret token (or full URL) must be passed back to caller when creating/updating bug via API.

Additional Information

https://help.fogcreek.com/7564/public-access-to-cases - "Public Access to Cases"; a similar feature in FogBugz tracker.

TagsNo tags attached.

Relationships

related to 0022745 new Grant Access in VIEW mode (Read Only) 'skipping' user threshold 

Activities

GunSmoker

GunSmoker

2017-01-15 16:15

reporter   ~0055134

An example of this feature in FogBugz.

On the left: case is accessed by unique URL. Only limited view is available.
On the right: case is accessed by logged in user. Full view is available.



Безымянный.png (170,563 bytes)
Безымянный.png (170,563 bytes)
GunSmoker

GunSmoker

2017-01-18 08:00

reporter   ~0055198

This is how it is implemented on our server.



view.png (23,971 bytes)
view.png (23,971 bytes)
view2.png (36,023 bytes)
view2.png (36,023 bytes)
GunSmoker

GunSmoker

2017-01-19 07:34

reporter   ~0055235

https://github.com/mantisbt/mantisbt/pull/1001

GunSmoker

GunSmoker

2017-01-26 15:45

reporter   ~0055350

This can also be integrated with 0022263

Issue History

Date Modified Username Field Change
2017-01-15 15:56 GunSmoker New Issue
2017-01-15 16:15 GunSmoker File Added: Безымянный.png
2017-01-15 16:15 GunSmoker Note Added: 0055134
2017-01-18 08:00 GunSmoker File Added: view.png
2017-01-18 08:00 GunSmoker File Added: view2.png
2017-01-18 08:00 GunSmoker Note Added: 0055198
2017-01-19 07:34 GunSmoker Note Added: 0055235
2017-01-19 07:45 atrol Assigned To => community
2017-01-19 07:45 atrol Status new => assigned
2017-01-26 15:45 GunSmoker Note Added: 0055350
2017-04-21 02:51 atrol Relationship added related to 0022745