0006653: Filtered RSS feeds 'not authorised', even with 'make public' - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0006653	mantisbt	rss	public	2006-01-31 00:30	2011-02-28 14:54

Reporter	jdpipe	Assigned To
Priority	normal	Severity	major	Reproducibility	always
Status	new	Resolution	open
Product Version	1.0.0rc5

Summary	0006653: Filtered RSS feeds 'not authorised', even with 'make public'
Description	I just created an RSS feed of resolved and closed bugs on our system: http://pye.dyndns.org/mantis/issues_rss.php?project_id=4&filter_id=9 I clicked 'make public' to make the feed public, and checked that it worked in my browser: it was fine. Then I went over and tried it in Opera, where I didn't have any Mantis session cookie. The same URL failed to work, just as it will fail to work for you. It looks like 'make public' might not be working for filtered RSS feeds. It would be great if this could be fixed for 1.0, assuming it's not a configuration problem at my end. ALSO, the error message is not in RSS format, so the error feed doesn't validate, and the error message can not be viewed via systems like Blogline, etc.
Tags	No tags attached.

vboctor 2006-01-31 01:14 manager ~0012046	Make Public only shares the filter with other authenticated users. RSS feeds at the moment don't support authentication, they are only available for installations that supports anonymous access and are only available for PUBLIC projects.

jdpipe 2006-01-31 01:36 reporter ~0012047	But my project is public, and I have enabled anonymous access, so shouldn't this be working as-is?

thraxisp 2006-01-31 07:44 reporter ~0012048	What value do you have for "$g_stored_query_use_threshold"? Does your anonymous user meet this threshold?

jdpipe 2006-01-31 08:29 reporter ~0012050 Last edited: 2006-01-31 08:30	Yikes! I never knew anything about that.... I checked it and it's not defined in my 'config_inc.php'. In config_defaults_inc.php, it's defined as REPORTER. I guess that's the problem. (a) are there any issues with changing the above to 'VIEWER' or whatever (b) isn't this a bug?? I mean, nothing told me that I needed to change this, and it's not mentioned in a warning when I create my RSS feed and declare it 'make public'. I think that 99.999% of the time, users will expect to be able to access their RSS feeds from whatever RSS aggregator without authentication, so having to do this is definitely counter-intuitive. Cheers JP

vboctor 2006-04-23 08:46 manager ~0012691 Last edited: 2006-04-23 08:47	That will be less of a problem when users use authenticated feeds, since authenticated feeds will run in the same context of the user who created the link to the feed. Authenticated feeds is a feature of Mantis 1.1 which is still in development.

jdpipe 2006-04-23 21:34 reporter ~0012692	FYI my use-case here wasn't personal aggregation. I wanted to have a box with recent bug-tracker activity show up on a shared developer's homepage for the project we're working on. With the 'TWiki' wiki system, in particular. Cheers JP

View Issue Details

Activities