Permissions Overview
For a general overview of FogBugz permissions, see Managing FogBugz Permissions.
Permissions in Plugins
By default, objects in the Plugin API enforce the permissions of the current user. These permissions are enforced in two main ways.
Entity Member Security
FogBugz objects enforce permissions by throwing a FogBugzSecurityException when an operation is attempted and the current user does not have the required permission. Permissions can be overridden for a particular object by calling object.IgnorePermissions = true. For more information, see Entity Member Security.
Database Query Security
Database queries that reference FogBugz tables enforce permissions in one of two ways:
- Any query method that directly exposes a database field from a FogBugz table is always considered to be unsafe (for example, CSelectQuery.GetDataSet). Any call to these methods will throw a FogBugzSecurityException unless IgnorePermissions is set to true.
- Query methods that return entity objects by default will only include objects that the current user can see (has read permissions on). The objects returned will still enforce permissions as described in Entity Member Security. The default behavior can be modified by setting ExcludeReadable, ExcludeWritable, or other similar properties.
For more information, see Database Query Security.