Project

General

Profile

Actions

Defect #12287

open

Time entries of private issues are visible by users without permission to see them

Added by Ricardo S almost 12 years ago. Updated about 2 years ago.

Status:
Needs feedback
Priority:
High
Assignee:
-
Category:
Time tracking
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

By accessing /projects/:id/time_entries users can see time entries submitted on privates issues even if they don't have access to the issue.

Affected version:
Redmine: 2.1.2.devel.10772
Rails: 3.2.8
Ruby: 1.9.3 (x86_64-linux)


Related issues

Has duplicate Redmine - Defect #37729: Time entries listed/visible even for issues not accessible by userClosed

Actions
Actions

Also available in: Atom PDF