  1. Bamboo Data Center
  2. BAM-12501

Anonymous Users With View Permissions Can Delete Plan Comments

Details

    • Suggestion
    • Resolution: Fixed
    • 4.4
    • None
    • None

    Description

      In the Bamboo admin section, in the Global Permissions section, I enabled ACCESS for Anonymous users.

      On one Plan, Anonymous users have View permissions for the plan. If, as that anonymous user, I navigate to the Plan and then paste a URL into my browser bar for deleting a comment, it allows me to Delete the Plan Comment.

      /build/ajax/deleteComment.action?commentId=4784131&buildKey=BAMBOO-TASKS&buildNumber=1

      I would not think that an anonymous user, even with view permissions to the Plan, should be able to delete a comment.
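The report above comes down to a state-changing action being authorized by View permission alone. The following is an added illustration, not Bamboo's code and not part of the original report, that models the reported check beside a deny-by-default one. The ACL layout, the user names, and the rule that only the comment's author or a plan admin may delete are assumptions made for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (hypothetical users; None stands for the anonymous user).
PLAN_ACL = {"BAMBOO-TASKS": {None: {"VIEW"}, "alice": {"VIEW"},
                             "bob": {"VIEW"}, "admin": {"VIEW", "ADMIN"}}}
COMMENTS = {4784131: {"plan": "BAMBOO-TASKS", "author": "alice"}}

# The URL quoted in the report.
URL = ("/build/ajax/deleteComment.action"
       "?commentId=4784131&buildKey=BAMBOO-TASKS&buildNumber=1")

def parse_delete_request(url):
    """Return (comment_id, plan_key) for a deleteComment.action URL, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/deleteComment.action"):
        return None
    query = parse_qs(parts.query)
    try:
        return int(query["commentId"][0]), query["buildKey"][0]
    except (KeyError, ValueError):
        return None

def allowed_view_only(user, url):
    """Reported behaviour: View permission on the plan is the only check."""
    req = parse_delete_request(url)
    if req is None:
        return False
    return "VIEW" in PLAN_ACL.get(req[1], {}).get(user, set())

def allowed_checked(user, url):
    """Deny by default: authenticated user, comment bound to the plan in the
    request, and the caller is the comment's author or a plan admin."""
    req = parse_delete_request(url)
    if req is None or user is None:
        return False                      # anonymous users never delete
    comment_id, plan = req
    comment = COMMENTS.get(comment_id)
    if comment is None or comment["plan"] != plan:
        return False                      # unknown comment or mismatched plan key
    perms = PLAN_ACL.get(plan, {}).get(user, set())
    if "VIEW" not in perms:
        return False
    return comment["author"] == user or "ADMIN" in perms

if __name__ == "__main__":
    for who in (None, "bob", "alice", "admin"):
        print(who, allowed_view_only(who, URL), allowed_checked(who, URL))
```
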

            People

              Assignee: Unassigned
              Reporter: Adam Myatt
              Votes: 0
              Watchers: 4
