Project

General

Profile

Actions

Defect #19187

closed

Roadmap links in subproject

Added by Dmc NSG about 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Roadmap
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:

Description

I have redmine with Project1 and Subproject2. There are two versions in Project1: Ver1 and Ver2, both shared with subprojects.
Then I have two users: Admin1 and User2.
Admin can view everything. User2 is assigned to Subproject2.
There are 2 issues in Project1/Ver1, 3 in Project1/Ver2 and 4 in Subproject2/Ver1.

For User2 links in roadmap are broken. They all link to Project1. Numbers are wrong too, this particular user should see only 4 issues, and not everything from Project1 - 9 issues. Links points to Project1 so they give 403 for that user.

I think that version.issue count should include permissions. Links should point to right context which is actual project.
Or maybe there should be more links for more cotexts like:
9 issues (0 closed — 9 open) - Project1
4 issues (0 closed — 4 open) - Subproject1/Ver2

Right now this place constantly gives 403 error, users are not allowed to view parent project, they expect to see their context (smaller number of issues and query from actual project).


Files


Related issues

Related to Redmine - Defect #15248: Ticket count in roadmap view wrongClosed

Actions
Related to Redmine - Defect #19059: Wrong number of issues for a version in the roadmapClosed

Actions
Is duplicate of Redmine - Patch #27676: Information leak on roadmap and versions viewClosedJean-Philippe Lang

Actions
Actions #1

Updated by Toshi MARUYAMA about 9 years ago

  • Related to Defect #15248: Ticket count in roadmap view wrong added
Actions #2

Updated by Toshi MARUYAMA about 9 years ago

  • Related to Defect #19059: Wrong number of issues for a version in the roadmap added
Actions #3

Updated by Kevin Palm about 7 years ago

+1

Actions #4

Updated by Marius BĂLTEANU over 6 years ago

This issue was fixed by r17051.

I've attached a test that passes on the current trunk, but fails on r17049 or any other revision before.

In case of #27676 will not be made public, I propose to add this issue to version 4.0.0 because it deserve to be in the changelog, it is an important fix.

Actions #5

Updated by Marius BĂLTEANU almost 6 years ago

@Go Maeda, can you take a look on this issue and my last comment? I really think that it is important to add this ticket and the related one to the changelog.

Actions #6

Updated by Go MAEDA almost 6 years ago

Marius BALTEANU wrote:

In case of #27676 will not be made public, I propose to add this issue to version 4.0.0 because it deserve to be in the changelog, it is an important fix.

Do you think it will be OK if #27676 appears in the changelog like other security issues? If so, I will set #27676's target version to 4.0.0 and commit the test you wrote as a part of #27676.

Actions #7

Updated by Marius BĂLTEANU almost 6 years ago

Go MAEDA wrote:

Do you think it will be OK if #27676 appears in the changelog like other security issues? If so, I will set #27676's target version to 4.0.0 and commit the test you wrote as a part of #27676.

Sounds good to me.

That means we can close these two tickets (this one and #19059) with resolution "Duplicate"?

Actions #8

Updated by Go MAEDA almost 6 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

Marius BALTEANU wrote:

This issue was fixed by r17051.

Exactly.

I've attached a test that passes on the current trunk, but fails on r17049 or any other revision before.

Committed the test in r17251.

Actions #9

Updated by Go MAEDA almost 6 years ago

  • Is duplicate of Patch #27676: Information leak on roadmap and versions view added
Actions

Also available in: Atom PDF