Plugin Developer Discussion

Discussion for FogBugz Plugin developers

BugEvent Permissions Quandry

Got a bug report today on my plug-in that I found a little strange.

In the BugEventDisplay method of the IPluginBugEventDisplay interface I tried to execute the following code:

int ixBug = BugEvent.ixBug; //BugEvent is an item passed into the method in the CBugEvent[] array.

BugEvent is one of the elements passed in on CBugEvent[] parameter.

The following error was thrown:
FogCreek.FogBugz.Exception.FogBugzSecurityException: The user does not have permission to read this object.

  at FogCreek.FogBugz.CProxyReadOnlyBase.AssertReadable()
  at FogCreek.FogBugz.Plugins.Entity.CBugEvent.get_ixBug()

Note: This only happens after a new bug is submitted by an anonymous user.

Now granted. I setting ignorepermissions fixes the problem. However, I am a bit confused about why bugevents are being passed into the BugEventDisplay that the current user doesn't have read permissions on. My code (apparently naively) assumed that anything passed into this method was already blessed by FB for the current user.

For now I'll just go with ignorepermissions, but I am a little concerned that doing this without understanding what is going on might introduce a security hole. Any clarification would be welcome.
John Fuex Send private email
Thursday, July 23, 2009
Sounds like a bug on our end.  Go ahead and set IgnorePermissions for now and I'll open a case to fix it.
David Fullerton Send private email
Thursday, July 23, 2009

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz