View Issue Details

IDProjectCategoryView StatusLast Update
0022203mantisbtfeaturepublic2020-02-04 15:05
ReporterGunSmoker Assigned Tocommunity  
PrioritynormalSeverityfeatureReproducibilityN/A
Status assignedResolutionopen 
Product Version2.0.0 
Summary0022203: Public / external access to tickets by unique URL
Description

Mantis should have a feature of allowing people to view tickets by known URL without having to log in. Currently, Mantis has anonymous access option, which does allow viewing without logging in. However, it does not allow you to control this behaviour per ticket.

The usage case is simple:

  1. You application posts a new bug to Mantis.
  2. You report an unique URL to user.
  3. User can open this URL and track progress of the bug (see its status, may be dev. comments, etc.).
  4. User should not be able to view other tickets (bugs) in this project or any other project.

This can be implemented by adding some random secret value ("token") to each ticket. If this value is present in URL - allow limited read access, otherwise - use normal access rules (cookies, anonymous access, etc.).

For example:
https://bugs.domain.com/view.php?id=631
https://bugs.domain.com/view.php?id=631&token=ya86EXROftHDXfAYG1eq

The first URL should block user unless he is logged in and has access to the project. The second URL should allow limited read access regardless of user being logged in or not.

A simplified front-end page may be added to implement this limited view. Also, a secret token (or full URL) must be passed back to caller when creating/updating bug via API.

Additional Information

https://help.fogcreek.com/7564/public-access-to-cases - "Public Access to Cases"; a similar feature in FogBugz tracker.

TagsNo tags attached.
Attached Files

Relationships

related to 0022745 new Grant Access in VIEW mode (Read Only) 'skipping' user threshold 

Activities

GunSmoker

GunSmoker

2017-01-15 16:15

reporter   ~0055134

An example of this feature in FogBugz.

On the left: case is accessed by unique URL. Only limited view is available.
On the right: case is accessed by logged in user. Full view is available.

Безымянный.png (170,563 bytes)   
Безымянный.png (170,563 bytes)   
GunSmoker

GunSmoker

2017-01-18 08:00

reporter   ~0055198

This is how it is implemented on our server.

view.png (23,971 bytes)   
view.png (23,971 bytes)   
view2.png (36,023 bytes)   
view2.png (36,023 bytes)   
GunSmoker

GunSmoker

2017-01-19 07:34

reporter   ~0055235

https://github.com/mantisbt/mantisbt/pull/1001

GunSmoker

GunSmoker

2017-01-26 15:45

reporter   ~0055350

This can also be integrated with 0022263

GunSmoker

GunSmoker

2020-02-04 15:05

reporter   ~0063582

https://github.com/exceptionless/exceptionless/wiki/Reference-Ids - a similar feature in Exceptionless bug tracker.

Posting new ticket allows you to specify pre-made "reference id" (a custom ID to report back to users, view bug report via web, use in search, etc.)