View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0015299||mantisbt||security||public||2012-12-16 19:43||2013-01-02 02:54|
|Summary||0015299: Tags exposed between private projects|
With multiple private projects, the list of prospective tags to be added includes tags from all projects, including those that the user has no access to.
|Tags||No tags attached.|
My understanding of tags is that they are global, not project-specific so I would think that the behavior you report is as expected (as long as the tags don't actually provide undue visibility to issues)
In our case, the problem was caught because product names from one private project leaked into another.
I could control this with a configuration flag. I would restrict tags to the current project if private, rather than being global.
The problem as I see it, is that the tag table does not contain a project_id field, so I'm not sure how you could differentiate a private / project-specific tag from a global one.
Maybe a feature request for a future release including a schema change ?
I was going to infer the project from the bugs the tags are attached to. Having a separate field is a simpler / faster idea.
Should this be 1.3 only then?
Then how would you differentiate "global" tags from project-specific ones ?
I think it would be better, yes
Hava a look at the discussion at 0009716 and also the attached patch.
|2012-12-16 19:43||thraxisp||New Issue|
|2012-12-17 05:14||dregad||Note Added: 0034563|
|2012-12-18 23:21||thraxisp||Note Added: 0034573|
|2012-12-19 07:24||dregad||Note Added: 0034576|
|2012-12-19 14:30||thraxisp||Note Added: 0034580|
|2012-12-19 18:57||dregad||Note Added: 0034581|
|2012-12-22 08:25||atrol||Note Added: 0034603|
|2012-12-22 08:25||atrol||Relationship added||duplicate of 0009716|
|2012-12-22 08:25||atrol||Status||new => resolved|
|2012-12-22 08:25||atrol||Resolution||open => duplicate|
|2012-12-22 08:25||atrol||Assigned To||=> atrol|
|2013-01-02 02:54||atrol||Status||resolved => closed|