View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006983||Kali Linux||[All Projects] Kali Websites & Docs||public||2021-01-10 11:27||2021-03-22 11:17|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0006983: Permission problems in Kali bugtracker|
|Description||Haven't found any better fitting category so had chosen "Kali Websites & Docs".|
I have noticed that you seems to have some permission problems in this bug tracker for the standard "Reporter" account.
For example reporters can "Clone" an issue like happen in e.g. 0006912 (clone of 0006903) or 0006960 / 0006962 (clone 0006907) plus many additional ones, i don't think that such "Reporters" should have the possibility to Clone existing issues.
In addition e.g. "Reporters" can report an issue in the "Queued Tool Addition" category like seen in 0006981:0014079, this probably should be prevented by setting stricter permissions to that category.
On the other hand there are too strict permissions and reporters can't even edit their own comments / issues and also can't close them on their own.
Suggestions for the permissions of the "Reporter" level:
- Disallow "Clone" functionality
- Disallow creating issues in the "Queued Tool Addition" category
- Allow editing the own issues / comments
- Allow closing the own issues
Aaaaaand, it happened again: #7096, #7095, #7094 which are all three wrongly done clones of 0007044
You should really really rework your permissions, at least for the "Reporter" level.
||#7097 is also a clone of 0007068 done by the same user...|
||And another one: #0007103|
||Why are you also allow reporters to change the severity to e.g. intermediate? If anyone can set their own priorities anyone thinks the own bugreport is the most important one.|
I would gladly configure mantis to avoid those problems, in fact I already tried... but there's no option to control who can clone. If you can report a bug, then you can clone.
You might want to open a feature request to the upstream project. I'm not sure if there's a setting to limit who can change the priority either.
|2021-01-10 11:27||kali-bugreport||New Issue|
|2021-01-10 14:04||kali-bugreport||Note Added: 0014093|
|2021-03-13 11:13||kali-bugreport||Note Added: 0014342|
|2021-03-13 11:33||kali-bugreport||Note Added: 0014343|
|2021-03-20 05:50||kali-bugreport||Note Added: 0014375|
|2021-03-21 12:59||kali-bugreport||Note Added: 0014377|
|2021-03-22 11:17||rhertzog||Note Added: 0014382|
|2021-03-22 11:17||rhertzog||Note Edited: 0014382||View Revisions|