Plugin Developer DiscussionDiscussion for FogBugz Plugin developers |
||
Got a bug report today on my plug-in that I found a little strange.
In the BugEventDisplay method of the IPluginBugEventDisplay interface I tried to execute the following code: int ixBug = BugEvent.ixBug; //BugEvent is an item passed into the method in the CBugEvent[] array. BugEvent is one of the elements passed in on CBugEvent[] parameter. The following error was thrown: FogCreek.FogBugz.Exception.FogBugzSecurityException: The user does not have permission to read this object. at FogCreek.FogBugz.CProxyReadOnlyBase.AssertReadable() at FogCreek.FogBugz.Plugins.Entity.CBugEvent.get_ixBug() Note: This only happens after a new bug is submitted by an anonymous user. Now granted. I setting ignorepermissions fixes the problem. However, I am a bit confused about why bugevents are being passed into the BugEventDisplay that the current user doesn't have read permissions on. My code (apparently naively) assumed that anything passed into this method was already blessed by FB for the current user. For now I'll just go with ignorepermissions, but I am a little concerned that doing this without understanding what is going on might introduce a security hole. Any clarification would be welcome. |
Powered by FogBugz