Discussion for FogBugz Plugin developers
Got a bug report today on my plug-in that I found a little strange.
In the BugEventDisplay method of the IPluginBugEventDisplay interface I tried to execute the following code:
int ixBug = BugEvent.ixBug; //BugEvent is an item passed into the method in the CBugEvent array.
BugEvent is one of the elements passed in on CBugEvent parameter.
The following error was thrown:
FogCreek.FogBugz.Exception.FogBugzSecurityException: The user does not have permission to read this object.
Note: This only happens after a new bug is submitted by an anonymous user.
Now granted. I setting ignorepermissions fixes the problem. However, I am a bit confused about why bugevents are being passed into the BugEventDisplay that the current user doesn't have read permissions on. My code (apparently naively) assumed that anything passed into this method was already blessed by FB for the current user.
For now I'll just go with ignorepermissions, but I am a little concerned that doing this without understanding what is going on might introduce a security hole. Any clarification would be welcome.
Thursday, July 23, 2009
This topic is archived. No further replies will be accepted.Other recent topics