Defect #2590

Moved tickets and project permissions

Added by Brad Beattie almost 9 years ago. Updated almost 9 years ago.

Status:ClosedStart date:2009-01-26
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:IssuesEstimated time:4.00 hours
Target version:0.9.0
Resolution:Fixed Affected version:

Description

Okay, here's the case. User Alice creates a ticket in Project X. Manager Bob comes along and realizes that this ticket would be better addressed elsewhere, so he moves it to private Project Y. Alice doesn't have access to view Project Y and can't, as a result, see her ticket anymore.

That's all well and good, but on /my/page in the Reported issues block, she sees her ticket with a link (that 403's on her).

I think we can agree that she shouldn't be able to see the ticket (it would reveal possibly private categories, affected versions, etc), but shouldn't this mean it shouldn't display elsewhere to her?

Associated revisions

Revision 2322
Added by Jean-Philippe Lang almost 9 years ago

Fixed that 'My page' blocks may display issues that the user is no longer allowed to view (#2590).

History

#1 Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from New to Closed
  • Target version set to 0.9.0
  • Resolution set to Fixed

This is fixed in r2322.
My page now displays issues that the user is allowed to view only. It applies to assigned and watched issues as well.

Also available in: Atom PDF