Members w/o view issues permission are able to list issues on public projects if the non member role has the permission
|Assignee:||Jean-Philippe Lang||% Done:|
But issues of project with no "View Issues" role are listed on "View all issues".
Fixed that members without view issues permission are able to list issues on public projects if the non member role has the permission (#20206).
#1 Updated by Jean-Philippe Lang about 3 years ago
This happens because your "Non member" role has the "View issues" permission.
Issue.visible and Issue#visible? doesn't behave the same in this particular case. Issue.visible considers the non member permissions even for members, but Issue#visible? does not. I think that members should not have less permissions than non members and behaviour should be aligned on the Issue.visible scope.