Defect #19693

Context menu is unaware of the field permissions

Added by Anonymous over 2 years ago. Updated over 2 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Issues
Target version:-
Resolution: Affected version:3.0.1

Description

User can see the field via context menu even if that field is not visible for that user.
Steps to reproduce: Create a custom filed with visibility set for Manager only. Log in as member and from the issue list, right click on the issue to see the hidden field.

member.png (11.4 KB) Toshi MARUYAMA, 2015-04-23 08:29

admin.png (29.2 KB) Toshi MARUYAMA, 2015-04-23 08:29

bool.png (42.2 KB) Toshi MARUYAMA, 2015-04-23 08:29

CustomField Rating.png (17.6 KB) Anonymous, 2015-04-23 13:10

non_member_view.png (69.3 KB) Anonymous, 2015-04-23 13:13

CustomFieldRating.png (17.6 KB) Anonymous, 2015-04-23 13:20

Admin_issue_view.png (64.8 KB) Anonymous, 2015-04-23 13:31

non_member_issue_view.png (63.4 KB) Anonymous, 2015-04-23 13:31

History

#1 Updated by Toshi MARUYAMA over 2 years ago

I cannot reproduce on trunk r14192.



#2 Updated by Anonymous over 2 years ago

Toshi MARUYAMA wrote:

I cannot reproduce on trunk r14192.



I've tried in a public project and restricted the access to some of the members

I'm seeing this field as non member too

But non member is not able to see these fields in the issues view
I also had the same issue with redmine 3.0.1
But the one I was able to show is with 2.5.1.stable

Environment:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p231 (2012-05-25) [i386-mingw32]
Rails version 3.2.17
Environment production
Database adapter Mysql2

#3 Updated by Anonymous over 2 years ago

#4 Updated by Anonymous over 2 years ago


Admin can see the two fields in the issue view


Non member is not able to see them there (this is correct) But he is able to see it in the context menu as in the above image

#5 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from Needs feedback to Closed
  • Resolution set to Cant reproduce

Anonymous wrote:

Environment:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p231 (2012-05-25) [i386-mingw32]

Too old.

I tried list type custom filed on trunk, but I cannot reproduce.

Reporter deleted his account, so we cannot continue to discuss.

#6 Updated by alex dl over 2 years ago

It can reproduced if we give add/edit issues permission to non member in a public project

#7 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from Closed to New
  • Resolution deleted (Cant reproduce)

#8 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from New to Needs feedback

alex dl wrote:

It can reproduced if we give add/edit issues permission to non member in a public project

I cannot reproduce.

#9 Updated by Toshi MARUYAMA over 2 years ago

  • Related to Defect #19163: Bulk edit form shows additional custom fields added

#10 Updated by Toshi MARUYAMA over 2 years ago

  • Related to deleted (Defect #19163: Bulk edit form shows additional custom fields)

#11 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from Needs feedback to Closed
  • Resolution set to Duplicate

I think this is duplicate of #19163.

#12 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from Closed to New
  • Resolution deleted (Duplicate)

#13 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from New to Needs feedback

#14 Updated by Toshi MARUYAMA over 2 years ago

Toshi MARUYAMA wrote:

I think this is duplicate of #19163.

Sorry, #19163 fixed bulk edit form opened from context menu.
I still cannot reproduce this issue.

#15 Updated by Tomasz O over 2 years ago

I have the same problem on:

Redmine version                3.0.2.stable
Ruby version 1.9.3-p484 (2013-11-22) [x86_64-linux]
Rails version 4.2.1
Environment production
Database adapter Mysql2
(all plug-ins disabled)

My permissions are defined as below:

Please note that:
1. Target version should be 'read-only' since 'submitted', and the custom field 'resolution' should be read-only since stpassed
2. Custom field 'reason for nochange' should be 'required' and visible for 'nochange' status

I am trying to set status to 'nochange'

and I can see the following

1. Fields 'Target version' and 'resolution' are still available for edit
2. The custom field 'reason for nochange' is not displayed - although there is prompt that it can not be empty.
3. When I am selecting another value from the 'Status' list all fields remain unchanged, whereas some should become required or read-only.

I hope this helps with reproducing and solving this issue.
Tomek

#16 Updated by Toshi MARUYAMA over 2 years ago

  • Status changed from Needs feedback to New

Also available in: Atom PDF