View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0035683mantisbtauthorizationpublic2025-04-02 12:162025-04-20 17:05
Reporterhalibut Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionduplicate 
Product Version2.27.0 
Summary0035683: Invite user to private issue
Description

My Mantis install has internal and external users :

  • Public issues are visible to all users (g_limit_view_unless_threshold left to its default value of ANYBODY)
  • Private issues are only visible to internal users + reporter / handler

We have a limited number of external users (a bit more than a hundred) that we all know in real life. For that reason, we often want to include extra users to a private issue if we think they may experience the same problem or know a solution to it.

I expected adding them as monitors would grant them access, but it doesn't. I suggest to change this behavior.

I don't think granting monitors access to private issues would be a security threat, since you can't add yourself as monitor, you would need prior access to the issue to do that.

Additional Information

A very similar issue was discussed in 0033404. It was about a regression when g_limit_view_unless_threshold has a non-default value. It was only noted that is had always worked that way with the default value (but not why).

I'm willing to submit a PR on Github for this it we agree on the idea.

TagsNo tags attached.

Relationships

Relationship GraphDependency Graph
duplicate of 0005702 acknowledged Giving access to private issues to users who are monitoring them 
related to 0033404 closedatrol Unable to grant user access to private issue by adding them as a monitoring user 

Activities

dregad

dregad

2025-04-08 03:14

developer   ~0070114

I agree this would be a useful feature, which it has been requested and discussed several times in the past.

Contributions are welcome, but note that implementing this properly is not as simple as it may seem, due to the security implications in terms of visibility (data disclosure). I suggest you read the related Issues.

I'm closing this as duplicate of 0005702.