mantisbt:passwordless_protected_access
Differences
This shows you the differences between two versions of the page.
mantisbt:passwordless_protected_access [2007/04/14 15:37] – created vboctor | mantisbt:passwordless_protected_access [2011/11/16 07:38] (current) – The page rendering was broken (maybe since new PHP version on mantisbt.org). Added new line to fix it at end of file. atrol | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Passwordless Protected Access ====== | ====== Passwordless Protected Access ====== | ||
- | > 1. Does the user get a snapshot or access to future changes as well. | + | ===Overview=== |
- | The current state. | + | A user can be given a link of the form http:// |
- | > 2. What access does the user get when accessing this issue? | + | ===Implementation=== |
- | > example, | + | |
- | > does the user then get access to private notes? | + | |
- | In our current implementation no. But that could be an option I | + | A unique key must be generated |
- | guess. We use private notes for internal conversations we don't want | + | |
- | our customers to read. | + | |
- | > 3. Does the user only have read-only access to the issue? | + | (1) generate random key when creating a bug record. Update old bugs through some conversion script. |
+ | (2) create a hash based on the bug id plus some constant random key. That constant key must be different for every Mantis implementation. (Perhaps | ||
- | For us yes, (but they can add notes). We don' | + | Advantages of (1): shorter URL since you don' |
- | increasing priority | + | Advantages of (2): no changes |
- | candidate for some preferences for the Mantis admin to choose. | + | |
- | > 4. What configuration options are going to be used to implement | + | We don't need to set a login cookie at all, since this is effectively an alternative access control. |
- | > feature? | + | |
- | I need to read some more Mantis code to see how this works. | + | ===Configuration options=== |
- | > 5. What are the suggested database changes? | + | [x] enable bug access URL |
+ | [x] allow edit of bug | ||
+ | [x] allow adding notes | ||
+ | [x] show private notes | ||
- | The main one is that we need a random key assigned to each bug. Then: | + | === Example === |
- | + | ||
- | http:// | + | |
- | + | ||
- | will take you directly to the appropriate page. The way we use that | + | |
- | is to put that link into outgoing confirmation emails. Customers can | + | |
- | click on the link to be taken directly to the appropriate task, see | + | |
- | the (public) notes and history and make another note. It is very | + | |
- | important (for us) that this page be highly customised. We want only | + | |
- | a subset of fields (for instance we don't want them to know who is | + | |
- | assigned to the task, or what priority we decide to set it) and we | + | |
- | want a page design which looks pretty. | + | |
Here is an example which we were using for testing a while back: | Here is an example which we were using for testing a while back: | ||
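Review bot: in option (2) of the Implementation section, "create a hash based on the bug id plus some constant random key" leaves the construction open. Suggest wording it as an HMAC of the bug id under the per-installation key, which is the standard construction for a keyed token, stating that the key is a secret configuration value, and requiring a constant-time comparison when the key from the URL is checked. The comparison of the two options should also note that with (2) a single leaked link cannot be revoked without changing the constant key, which invalidates every link already sent, whereas the per-bug random key of (1) can be regenerated for one bug. Because the checkboxes "allow edit of bug" and "show private notes" turn possession of the link into write access and access to internal notes, the Configuration options section should say which of them are off by default.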
Line 43: | Line 30: | ||
http:// | http:// | ||
- | ===== Some Ideas ===== | + | === Page view === |
- | + | ||
- | * At the moment we implement anonymous access by creating a shared account for it, then automatically authenticated users that don't login as this Mantis user. This provides consistency in determining what the users can see and do. This also gives the administrator/ | + | |
- | * In the case where a customer gets a link with the passphrase for a private issue. The customer should get access | + | The display of the bug should be customisable independently of the regular bug view page. This allows the admin to remove from the view certain fields (eg. who the bug is assigned |
- | * If a logged in user (i.e. viewer, developer, manager or administrator) clicks on a link that has the passphrase, then the passphrase access should override the default access for this user. Hence, the user can preview what non-registered users will see when they visit the same page. | ||
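Review bot: the removed "Some Ideas" bullets were the only place that said how a key link interacts with an existing session (the passphrase access overrides the logged-in user's default access), and the new "Page view" text does not replace that. Suggest keeping one sentence that states which access level applies when a logged-in viewer, developer, manager or administrator follows a key link, so that the link can never grant more than the configured options allow. The new paragraph also describes hiding fields such as the assignee as a matter of display; it should say that hidden fields are left out of the generated page on the server, not just suppressed in the template or styling.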
mantisbt/passwordless_protected_access.1176579471.txt.gz · Last modified: 2008/10/29 04:31 (external edit)