Any logged in user can delete any attachments

Bug #117752 reported by Diogo Matsubara
This bug affects 1 person
Affects: Launchpad itself
Status: Fix Released
Importance: High
Assigned to: Thiago F. Pappacena

Bug Description

The fix for bug 48771 allows any logged in user to delete any attachment.

Tom suggests:
"I think this should be restricted to allowing any logged in user to delete their own attachments, or any member of the Launchpad Admins team to delete any attachment."

Followed by Bjorn:
"I guess that's quite sensible, although I think bug contacts should be
able to delete attachments as well. The main reason for that is that
there's a re-tracing service for Ubuntu's crash reports, which should be
able to delete the attached core dumps. Until we have a proper crash
database, it needs to have permission to delete other people's
attachments."

Tags: lp-bugs
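
The access rule discussed in the description, written out as an added example; it is not Launchpad's code and not part of the original report. It contrasts the reported behaviour (any logged-in user may delete) with the policy Tom and Bjorn propose (owner, Launchpad Admins team, or bug contact). The class names, the `admins` team identifier and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ADMIN_TEAM = "admins"  # assumed identifier for the Launchpad Admins team


@dataclass(frozen=True)
class User:
    name: str
    teams: frozenset = frozenset()


@dataclass(frozen=True)
class Attachment:
    owner: str                             # user who uploaded the attachment
    bug_contacts: frozenset = frozenset()  # users or teams acting as bug contacts


def can_delete_before(user: Optional[User], attachment: Attachment) -> bool:
    """Behaviour reported in this bug: being logged in is the only check."""
    return user is not None


def can_delete_proposed(user: Optional[User], attachment: Attachment) -> bool:
    """Policy proposed in the report: deny unless one of the rules grants access."""
    if user is None:                       # anonymous users never qualify
        return False
    if user.name == attachment.owner:      # Tom: users may delete their own attachments
        return True
    if ADMIN_TEAM in user.teams:           # Tom: Launchpad Admins may delete any
        return True
    # Bjorn: bug contacts (e.g. the crash re-tracing service), directly or via a team
    return bool(({user.name} | user.teams) & attachment.bug_contacts)


def over_permitted(users, attachment):
    """Names the old check lets through that the proposed policy would refuse."""
    return sorted(u.name for u in users
                  if can_delete_before(u, attachment)
                  and not can_delete_proposed(u, attachment))


# Constructed sample data, not taken from the report.
CORE_DUMP = Attachment(owner="alice", bug_contacts=frozenset({"retracer"}))
USERS = [User("alice"), User("mallory"),
         User("root", frozenset({ADMIN_TEAM})), User("retracer")]

if __name__ == "__main__":
    print(over_permitted(USERS, CORE_DUMP))
```

Running `over_permitted` across real accounts and attachments in a test suite gives a regression check that the permissive rule has not returned.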

Changed in malone:
importance: Undecided → Low
status: New → Triaged
Colin Watson (cjwatson)
Changed in launchpad:
importance: Low → High
Changed in launchpad:
assignee: nobody → Thiago F. Pappacena (pappacena)
Changed in launchpad:
status: Triaged → In Progress
Colin Watson (cjwatson)
Changed in launchpad:
status: In Progress → Fix Released
This report contains Public information  
Everyone can see this information.
