Bug 2077
Current situation
News can be posted to:
- a single project ( default threshold = MANAGER )
- “All Projects” ( needs ADMINISTRATOR priv )
News Attributes
- Announcement :: news marked as such are sorted before others
- Public/private :: private news are visible by users above threshold ( default = DEVELOPER )
Visibility
When “All projects” is selected:
- Only news posted to “All projects” are shown
When a specific Project is selected:
- News from the project + “All project” news are shown
Proposed scenario
The main two shortcomings of the current situation are:
1. the "All project" semantic in the news page is not consistent with the other pages
2. MANAGERs can not post news with the "All project" visibility
News attributes
A new is_global flag will be available for the MANAGER to mark news to be visible everywhere. Basically, this flag replaces posting to “All projects”.
Visibility
When “All projects” is selected:
- All news from all projects are shown ( this solves 1. )
When a specific Project is selected:
- News from the project + news marked “is_global” are shown ( this solves 2. )
Of course, the current behaviour, where users see only the news entries they have access to, will be preserved. This will depend on which projects they are members of, what their access level is in those projects, and whether the news is public or private.
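The proposed visibility rule combined with the access check, as an added Python model (not MantisBT code). Assumptions: `ALL_PROJECTS = 0` as the selector value, a per-user map of project id to access level, public global news readable without membership in the originating project, private news always requiring the threshold in its originating project, and newest-id-first ordering within each group. The sample news list is constructed.

```python
from dataclasses import dataclass

# Access levels are used only for ordering (MantisBT default values).
VIEWER, DEVELOPER, MANAGER, ADMINISTRATOR = 10, 55, 70, 90
ALL_PROJECTS = 0                    # selector value, assumed for this model
PRIVATE_NEWS_THRESHOLD = DEVELOPER  # default threshold named on this page

@dataclass(frozen=True)
class News:
    id: int
    project_id: int
    headline: str
    is_global: bool = False
    private: bool = False
    announcement: bool = False

def can_read(news, access):
    """access maps project_id -> the user's access level in that project."""
    level = access.get(news.project_id)
    if news.private:
        # Private news needs the threshold in the originating project,
        # even when the entry is flagged is_global.
        return level is not None and level >= PRIVATE_NEWS_THRESHOLD
    # Assumption: public global news is readable without membership.
    return news.is_global or level is not None

def visible_news(all_news, selected_project, access):
    """Apply the proposed scope rule, then the per-entry access check."""
    shown = []
    for n in all_news:
        in_scope = (selected_project == ALL_PROJECTS
                    or n.project_id == selected_project
                    or n.is_global)
        if in_scope and can_read(n, access):
            shown.append(n)
    # Announcements sort before other news; newest id first within a group.
    return sorted(shown, key=lambda n: (not n.announcement, -n.id))

# Constructed sample data: two projects (ids 1 and 2).
NEWS = [
    News(1, 1, "P1 release"),
    News(2, 1, "P1 internal", private=True),
    News(3, 2, "Site maintenance", is_global=True, announcement=True),
    News(4, 2, "P2 fix pending", is_global=True, private=True),
    News(5, 2, "P2 only"),
]
```

The case to watch is entry 4: a private entry flagged is_global must not become readable in project 1 for users who lack the threshold in project 2.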
Implementation to-do list
UPDATE SCRIPT
- schema change on news_table_page (is_global TINYINT(1) DEFAULT 0)
- mark former “All projects” news with the “is_global” flag
PAGES AND OTHER
- add new flag to add/edit news page
- clearly mark the news as “global” when shown in other projects
- ? prevent posts on “All projects”
- ? specific threshold for posting global news
mantisbt/issue/2077.txt · Last modified: 2008/10/29 04:36 by 127.0.0.1