Changing a bug's information_type grants access to all direct subscribers
Bug #1014922 reported by
Ian Booth
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
High
|
j.c.sackett | ||
Bug Description
When a bug is changed from public -> private, users in specified roles need to be automatically subscribed eg security contact is subscribed to embargoed security bug. Furthermore, subscribers to the bug need to be granted access if they cannot see the bug in its new state. However, all direct subscribers on the bug are granted access when the information type changes. What we want instead is for users not in one of the allowed roles, or who do not have access to the bug via an AAG or APG, to be excluded.
Related branches
lp:~jcsackett/launchpad/remove-bad-subscribers
- Curtis Hovey (community): Approve (code)
- Diff: 0 lines
| Changed in launchpad: | |
| assignee: | nobody → j.c.sackett (jcsackett) |
| status: | Triaged → In Progress |
Revision history for this message
| Ian Booth (wallyworld) wrote | #1 |
| tags: | added: privacy |
| tags: | added: information-type |
| security vulnerability: | yes → no |
| visibility: | private → public |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #2 |
| tags: | added: qa-needstesting |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
| security vulnerability: | no → yes |
| visibility: | public → private |
| tags: |
added: qa-ok removed: qa-needstesting |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
| visibility: | private → public |
To post a comment you must log in.
Jon, there is a method on the sharing service, getPeopleWithou