Project

General

Profile

Actions

Defect #2703

open

Link to Changesets is shown to User without credential

Added by Steffen Dietz over 15 years ago. Updated about 13 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
2009-02-09
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

The link to a changeset, which updated a ticket status, in ticket comments is shown to users, even if they dont have the creadentials to view the changeset.

So the user gets a "you're not allowed to access this" error page on accidently clicking on the link.

Actions #1

Updated by Jean-Baptiste Barth about 14 years ago

  • Affected version (unused) changed from 0.8.0 to devel

I think it's a much more general issue : nearly wherever you are in Redmine, there can be links you can't follow if you do not have the "View" permission on the section/module. It might be difficult to do this without coupling links parsing and permissions... Any thought about that ?

Actions #2

Updated by Toshi MARUYAMA about 13 years ago

  • Category set to Permissions and roles
Actions

Also available in: Atom PDF