Any logged in user can delete any attachments
Bug #117752 reported by
Diogo Matsubara
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Thiago F. Pappacena |
Bug Description
The fix for bug 48771 allows any logged in user to delete any attachment.
Tom suggests:
"I think this should be restricted to allowing any logged in user to delete their own attachments, or any member of the Launchpad Admins team to delete any attachment."
Followed by Bjorn:
"I guess that's quite sensible, although I think bug contacts should be
able to delete attachments as well. The main reason for that is that
theres a re-tracing service for Ubuntu's crash reports, which should be
able to delete the attached core dumps. Until we have a proper crash
database, it needs to have permission to delete other people's
attachments."
Related branches
~cjwatson/launchpad:bug-attachment-removal-roles
Merged
into
launchpad:master
- Thiago F. Pappacena (community): Approve
-
Diff: 153 lines (+48/-28)2 files modifiedlib/lp/bugs/browser/tests/test_bugattachment_edit_view.py (+24/-4)
lib/lp/bugs/security.py (+24/-24)
~pappacena/launchpad:bug-attachment-removal-restrictions
Merged
into
launchpad:master
- Colin Watson (community): Approve
-
Diff: 482 lines (+150/-107)9 files modifiedlib/lp/bugs/browser/bugattachment.py (+7/-3)
lib/lp/bugs/browser/tests/test_bugattachment_edit_view.py (+52/-41)
lib/lp/bugs/browser/tests/test_bugattachment_file_access.py (+3/-2)
lib/lp/bugs/configure.zcml (+4/-3)
lib/lp/bugs/doc/bugattachments.txt (+7/-13)
lib/lp/bugs/interfaces/bugattachment.py (+48/-40)
lib/lp/bugs/model/bugattachment.py (+1/-1)
lib/lp/bugs/security.py (+10/-4)
lib/lp/bugs/stories/bugattachments/xx-delete-bug-attachment.txt (+18/-0)
Changed in malone: | |
importance: | Undecided → Low |
status: | New → Triaged |
Changed in launchpad: | |
importance: | Low → High |
Changed in launchpad: | |
assignee: | nobody → Thiago F. Pappacena (pappacena) |
Changed in launchpad: | |
status: | Triaged → In Progress |
Changed in launchpad: | |
status: | In Progress → Fix Released |
To post a comment you must log in.