https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292013-04-14T06:45:39ZRedmineRedmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=485442013-04-14T06:45:39ZToshi MARUYAMA
<ul><li><strong>Category</strong> set to <i>SCM</i></li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=485452013-04-14T07:35:22ZToshi MARUYAMA
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Target version</strong> set to <i>2.3.1</i></li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=485462013-04-14T07:44:21ZToshi MARUYAMA
<ul><li><strong>Target version</strong> changed from <i>2.3.1</i> to <i>2.4.0</i></li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=485472013-04-14T08:03:22ZToshi MARUYAMA
<ul><li><strong>Subject</strong> changed from <i>Repositories bypassses roles and pesmissions</i> to <i>SCM auto status change bypassses roles and pesmissions</i></li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=485892013-04-15T07:04:03ZEtienne Massip
<ul></ul><p>I disagree with this one, Anonymous here is not the Redmine anonymous user but a developer <strong>which has commit access</strong> to the repository and which SCM identifier is not mapped to an actual Redmine user, this is far from being a lambda person but a member of the project.</p>
<p>This should not be touched IMHO.</p> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=485952013-04-15T09:13:26ZMarcus Rejås
<ul></ul><p>Etienne Massip wrote:</p>
<blockquote>
<p>I disagree with this one, Anonymous here is not the Redmine anonymous user but a developer <strong>which has commit access</strong> to the repository and which SCM identifier is not mapped to an actual Redmine user, this is far from being a lambda person but a member of the project.</p>
<p>This should not be touched IMHO.</p>
</blockquote>
<p>I understand but it might lead to security breaches. You say that the person is being member of the project, but really it is member of <em>any</em> project. So if a committer by accident or on purpose mistypes the issue-id or enters one belonging to an external ticket system he or she might change things in a project where he or she might not have access. The person who made the mistake will not then be alerted at all and have no way to correct the problem.</p>
<p>My solution is to add three configuratoin options to the repos.</p>
<p>[] Allow altering of tickets through commit messages<br />[] Allow system wide altering of tickets through commit messages<br />[] Allow Non-mapped users in the repo to alter tickets through commit messages</p>
<p>We track external repos in some projects and this led to some confusion (to say the least) ...</p> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=500812013-06-16T11:07:13ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/14276">Defect #14276</a>: Limit users than can reference and fix issues in commit messages</i> added</li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=500922013-06-18T06:43:34ZToshi MARUYAMA
<ul><li><strong>Related to</strong> deleted (<i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/14276">Defect #14276</a>: Limit users than can reference and fix issues in commit messages</i>)</li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=500952013-06-18T06:44:07ZToshi MARUYAMA
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/14276">Defect #14276</a>: Limit users than can reference and fix issues in commit messages</i> added</li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=508832013-07-30T12:23:36ZEtienne Massip
<ul><li><strong>Subject</strong> changed from <i>SCM auto status change bypassses roles and pesmissions</i> to <i>SCM auto status change bypassses roles and permissions</i></li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=518222013-09-17T01:16:33ZToshi MARUYAMA
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/14826">Defect #14826</a>: Project permissions not respected in Fix/Reference commit</i> added</li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=524832013-10-13T08:14:00ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Target version</strong> changed from <i>2.4.0</i> to <i>Candidate for next major release</i></li></ul><p>The root problem should be fixed by <a class="changeset" title="scm: git: remove localtime (#6346). No needs to use localtime. If we use localtime, we should cl..." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/4823">r4823</a> which disables issue updates when importing old commits. The requested option "Allow system wide altering of tickets through commit messages" is also already available as "Allow issues of all the other projects to be referenced and fixed".</p> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=525182013-10-13T22:33:56ZMischa The Evil
<ul></ul><p>Jean-Philippe Lang wrote:</p>
<blockquote>
<p>The root problem should be fixed by <a class="changeset" title="scm: git: remove localtime (#6346). No needs to use localtime. If we use localtime, we should cl..." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/4823">r4823</a> [...]</p>
</blockquote>
<p>FTR: it should read <em>issue</em> <a class="issue tracker-2 status-1 priority-4 priority-default" title="Feature: Don't evaluate commit-message "refs, closes, ..." when adding a repository (New)" href="https://www.redmine.org/issues/4823">#4823</a> (and <a class="changeset" title="Don't update issues nor log time when importing old changesets (#4823)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/12199">r12199</a>).</p> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=525452013-10-14T07:20:05ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-4 priority-default" href="/issues/4823">Feature #4823</a>: Don't evaluate commit-message "refs, closes, ..." when adding a repository</i> added</li></ul> Redmine - Defect #13762: SCM auto status change bypassses roles and permissionshttps://www.redmine.org/issues/13762?journal_id=681732015-12-30T05:50:39ZGo MAEDA
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/13792">Feature #13792</a>: Fixing via git push should not break workflow</i> added</li></ul>