Modify

Opened 8 years ago

Last modified 7 years ago

#13197 accepted defect

TICKET_ADD_HOURS permission can edit Total Hours in browser

Reported by: anonymous Owned by: EmeCas
Priority: normal Component: TracHoursPlugin
Severity: normal Keywords: Chrome
Cc: Trac Release: 1.2

Description

Using the Chrome browser, a developer can edit the hours field on the ticket page.

If the user has the TICKET_VIEW_HOURS permission, for the Total Hours field they get a link to the hours page. If the user has the TICKET_ADD_HOURS permission, only in Chrome browser, they can edit the Total Hours field.

Attachments (7)

Trac - Editable Total Hours bug.png (62.8 KB) - added by anonymous 7 years ago.
Editable Total Hours field
Trac Permissions.jpg (43.3 KB) - added by anonymous 7 years ago.
Permissions
Trac Plugins.jpg (64.7 KB) - added by anonymous 7 years ago.
Plugins
Trac - About.jpg (89.4 KB) - added by anonymous 7 years ago.
About Page Info
Issue13197.PNG (55.2 KB) - added by EmeCas 7 years ago.
NoIssue13197.png (100.0 KB) - added by EmeCas 7 years ago.
NoIssue2_13197.png (99.9 KB) - added by EmeCas 7 years ago.

Download all attachments as: .zip

Change History (18)

comment:1 Changed 8 years ago by anonymous

Actually, the browser doesn't matter. If the user has TICKET_ADD_HOURS permission, they can edit any ticket's Total Hours field in the Modify Ticket section?

comment:2 Changed 8 years ago by anonymous

Summary: Chrome browser can edit Total HoursTICKET_ADD_HOURS permission can edit Total Hours in browser

comment:3 in reply to:  1 Changed 8 years ago by EmeCas

Replying to anonymous:

They cannot, the current behavior is: the user can edit his/her hours in the /hours/<ticket#> page. You cannot edit the total hours directly, it's a calculate field.

would you expect a different behavior ?

Last edited 8 years ago by Ryan J Ollos (previous) (diff)

comment:4 Changed 8 years ago by EmeCas

I've tested in Chrome, Firefox, and Edge if I go to edit ticket the field value for the Total Hours field is a hyperlink (for all cases) that takes you to the page: /hours/<ticket_number>

There is not way to edit the field directly. If that is the case for you, please provide screenshots, also double check you are not referring to Estimated Hours field instead.

Thanks

Changed 7 years ago by anonymous

Editable Total Hours field

comment:5 Changed 7 years ago by anonymous

If a user is given the TICKET_ADD_HOURS permission but not the TICKET_VIEW_HOURS permission, when they go to "Modify Ticket" section of the ticket, the Total Hours field shows up as an editable text box. I've attached an image as reference.

comment:6 Changed 7 years ago by anonymous

I've also added attachments of our Permissions and Plugins for reference.

Changed 7 years ago by anonymous

Attachment: Trac Permissions.jpg added

Permissions

Changed 7 years ago by anonymous

Attachment: Trac Plugins.jpg added

Plugins

comment:7 Changed 7 years ago by EmeCas

Status: newaccepted

comment:8 Changed 7 years ago by anonymous

Thanks again for looking into this.

comment:9 in reply to:  8 Changed 7 years ago by EmeCas

Replying to anonymous:

My pleasure :)

May you make me an additional favor? attach your About Trac page /about (as administrator).

I was able to reproduce just in one installation, I need to verify versions for sections: system and plugins.

Thanks

Thanks again for looking into this.

Last edited 7 years ago by EmeCas (previous) (diff)

Changed 7 years ago by anonymous

Attachment: Trac - About.jpg added

About Page Info

comment:10 Changed 7 years ago by anonymous

About Page has been added for info

Changed 7 years ago by EmeCas

Attachment: Issue13197.PNG added

Changed 7 years ago by EmeCas

Attachment: NoIssue13197.png added

comment:11 Changed 7 years ago by EmeCas

These are the 2 configurations with the issue and other one without the issue:

Original IssueReproduced IssueNo IssueNo Issue
About Page Info

How hard is for you upgrade versions of Trac to 1.2.2 and Genshi to 0.8?

I have downgraded Genshi to 0.7 and Trac to 1.2 and the installation is still working without issue, so it has to be anything else.

Last edited 7 years ago by EmeCas (previous) (diff)

Changed 7 years ago by EmeCas

Attachment: NoIssue2_13197.png added

Modify Ticket

Change Properties
Set your email in Preferences
Action
as accepted The owner will remain EmeCas.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.