Defect #2590
Moved tickets and project permissions
| Status: | Closed | Start date: | 2009-01-26 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Issues | |||
| Target version: | 0.9.0 | Estimated time: | 4.00 hours | |
| Affected version: | 0.8.0 | Resolution: | Fixed |
Description
Okay, here's the case. User Alice creates a ticket in Project X. Manager Bob comes along and realizes that this ticket would be better addressed elsewhere, so he moves it to private Project Y. Alice doesn't have access to view Project Y and can't, as a result, see her ticket anymore.
That's all well and good, but on /my/page in the Reported issues block, she sees her ticket with a link (that 403's on her).
I think we can agree that she shouldn't be able to see the ticket (it would reveal possibly private categories, affected versions, etc), but shouldn't this mean it shouldn't display elsewhere to her?
Associated revisions
Fixed that 'My page' blocks may display issues that the user is no longer allowed to view (#2590).
History
Updated by Jean-Philippe Lang about 3 years ago
- Status changed from New to Closed
- Target version set to 0.9.0
- Resolution set to Fixed
This is fixed in r2322.
My page now displays issues that the user is allowed to view only. It applies to assigned and watched issues as well.