Determining project of a work item
We have multiple projects in the same repository. There are different
users authorized to the projects.
Say user A owns a work item in project X. User B in project Y then
creates a link from a project Y work item to the work item in project X.
User A then receives an email notification with a URL to the work item
in project Y. But the user is not authorized to project Y, so user A
can't see the linked work item.
The real question is how does user A determine which of the projects in
the repository to request access to?
The URL in the email doesn't contain the project name, only:
https://<servername>:<port>/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/<work>
users authorized to the projects.
Say user A owns a work item in project X. User B in project Y then
creates a link from a project Y work item to the work item in project X.
User A then receives an email notification with a URL to the work item
in project Y. But the user is not authorized to project Y, so user A
can't see the linked work item.
The real question is how does user A determine which of the projects in
the repository to request access to?
The URL in the email doesn't contain the project name, only:
https://<servername>:<port>/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/<work>
2 answers
Providing the name of the project area could be a leakage of sensitive
information, so no, this is not something that is available.
Cheers,
Geoff
On 11/8/2010 10:50 AM, Mark Ingebretson wrote:
information, so no, this is not something that is available.
Cheers,
Geoff
On 11/8/2010 10:50 AM, Mark Ingebretson wrote:
We have multiple projects in the same repository. There are different
users authorized to the projects.
Say user A owns a work item in project X. User B in project Y then
creates a link from a project Y work item to the work item in project X.
User A then receives an email notification with a URL to the work item
in project Y. But the user is not authorized to project Y, so user A
can't see the linked work item.
The real question is how does user A determine which of the projects in
the repository to request access to?
The URL in the email doesn't contain the project name, only:
https://<servername>:<port>/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/<work
item ID
On 11/8/10 11:20 PM, Geoffrey Clemm wrote:
Geoff,
Thanks for your reply.
I guess that means that the only way to determine the project for
requesting access is to have someone with JazzAdmin permission look up
the project name by work item ID.
Your argument about protecting project names loses a little steam if you
look at what happens when you follow a link to a project you don't have
access to. At least in the RTC 3 beta RC2, following the link in the
web client resulted in an error message, something like "Permission
Denied". But if you look at the URL in the browser, the error message
web page URL has a project name in it. Unfortunately for us, it's not
the project X or the project Y project name, but a third, unrelated
project! Maybe the destination work item had another link to the third
project, I don't know.
Mark
Geoff,
Thanks for your reply.
I guess that means that the only way to determine the project for
requesting access is to have someone with JazzAdmin permission look up
the project name by work item ID.
Your argument about protecting project names loses a little steam if you
look at what happens when you follow a link to a project you don't have
access to. At least in the RTC 3 beta RC2, following the link in the
web client resulted in an error message, something like "Permission
Denied". But if you look at the URL in the browser, the error message
web page URL has a project name in it. Unfortunately for us, it's not
the project X or the project Y project name, but a third, unrelated
project! Maybe the destination work item had another link to the third
project, I don't know.
Mark
Providing the name of the project area could be a leakage of sensitive
information, so no, this is not something that is available.
Cheers,
Geoff
On 11/8/2010 10:50 AM, Mark Ingebretson wrote:
We have multiple projects in the same repository. There are different
users authorized to the projects.
Say user A owns a work item in project X. User B in project Y then
creates a link from a project Y work item to the work item in project X.
User A then receives an email notification with a URL to the work item
in project Y. But the user is not authorized to project Y, so user A
can't see the linked work item.
The real question is how does user A determine which of the projects in
the repository to request access to?
The URL in the email doesn't contain the project name, only:
https://<servername>:<port>/jazz/resource/itemName/com.ibm.team.workitem.WorkItem/<work
item ID