View Issue Details

IDProjectCategoryView StatusLast Update
0015299mantisbtsecuritypublic2013-01-02 02:54
Reporterthraxisp Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionduplicate 
Product Version1.2.12 
Summary0015299: Tags exposed between private projects
Description

With multiple private projects, the list of prospective tags to be added includes tags from all projects, including those that the user has no access to.

TagsNo tags attached.

Relationships

duplicate of 0009716 acknowledged Seperation of tags between projects 

Activities

dregad

dregad

2012-12-17 05:14

developer   ~0034563

My understanding of tags is that they are global, not project-specific so I would think that the behavior you report is as expected (as long as the tags don't actually provide undue visibility to issues)

thraxisp

thraxisp

2012-12-18 23:21

reporter   ~0034573

In our case, the problem was caught because product names from one private project leaked into another.

I could control this with a configuration flag. I would restrict tags to the current project if private, rather than being global.

dregad

dregad

2012-12-19 07:24

developer   ~0034576

The problem as I see it, is that the tag table does not contain a project_id field, so I'm not sure how you could differentiate a private / project-specific tag from a global one.

Maybe a feature request for a future release including a schema change ?

thraxisp

thraxisp

2012-12-19 14:30

reporter   ~0034580

I was going to infer the project from the bugs the tags are attached to. Having a separate field is a simpler / faster idea.

Should this be 1.3 only then?

dregad

dregad

2012-12-19 18:57

developer   ~0034581

I was going to infer the project from the bugs the tags are attached to

Then how would you differentiate "global" tags from project-specific ones ?
It also doesn't sound very efficient from an SQL perspective

Should this be 1.3 only then?

I think it would be better, yes

atrol

atrol

2012-12-22 08:25

developer   ~0034603

Hava a look at the discussion at 0009716 and also the attached patch.

Issue History

Date Modified Username Field Change
2012-12-16 19:43 thraxisp New Issue
2012-12-17 05:14 dregad Note Added: 0034563
2012-12-18 23:21 thraxisp Note Added: 0034573
2012-12-19 07:24 dregad Note Added: 0034576
2012-12-19 14:30 thraxisp Note Added: 0034580
2012-12-19 18:57 dregad Note Added: 0034581
2012-12-22 08:25 atrol Note Added: 0034603
2012-12-22 08:25 atrol Relationship added duplicate of 0009716
2012-12-22 08:25 atrol Status new => resolved
2012-12-22 08:25 atrol Resolution open => duplicate
2012-12-22 08:25 atrol Assigned To => atrol
2013-01-02 02:54 atrol Status resolved => closed