Creating customer limited areas

Hi all,

I've been hacking on making a setup with these properties:
  • customers can view all the issues anyone in their company has issued
  • customers and internal devs can communicate via issue comments
  • multiple customer companies cannot see each other's issues (so private stack traces are private)
  • customers can VIEW but not EDIT issue fields

So far I was able to get #1-3 working with groups, roles and the workflow editor to automatically set the "visible to" field during issue creation.

The primary issue is the latter one... I have turned many fields "private" and that's great.  But for the public fields, it seems in my testing that a 'customer' user not only can VIEW but can also EDIT that field.  Meaning they can mess with the 'fixed-in-version' field which isn't really allowed.

What can be done to prevent this?
1 comment
Comment actions Permalink
to be more specific here, while a customer login cannot change a bug they havent submitted, they are able to change the fields on a bug they did submit.  I don't want that.
0

Please sign in to leave a comment.