Child comment does not respect parent comment security scheme
When a user clicks reply, there is no dropdown to change the security of that comment, as there is on the main/parent comment (http://cl.ly/image/1q18242Z3i0P).
If the user goes back to edit that child comment, the dropdown appears, and it can be hidden based on the schemes in the system (although an email notification could already have been sent)
This leads to the child comments to be visible to users that cannot view the parent comment (thus not having any context, or seeing sensitive data).
Comments (4)
-
-
The security drop-down was not implemented in this add-on. Will try to address this soon.
-
This issue is really critical. I am waiting for the solution to start using this plugin. Vrenjith, thanks for the replay.
-
Inherit the parent's permission: https://bitbucket.org/michel_tremblay/jira-threaded-comments/branch/fix_permission
- Log in to comment
We would rather disable this add-on until this is fixed than running the risk of discussing internal issues and have jira-user see this.