Defect #28180

Role-base cross-project issue query visibility calculated incorrectly

Added by Gregor Schmidt 4 months ago. Updated 3 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Go MAEDA% Done:

0%

Category:Issues filter
Target version:3.4.5
Resolution:Fixed Affected version:

Description

When saving a cross-project issue query and selecting role based visibility, the permission checks don't filter properly for archived projects (although this is generally done for global permissions).

An example: There's a "Manager's only" issue query. Paul and Perter are both managers and able to see the query. Now Paul's project is finished and his project is archived. Expected behaviour: He is no longer able to see the "Manager's only" view - in the same way he's no longer able to create new project. Desired behaviour: He should not be able to access the "Manager's only" view anymore.

Attached you may find a patch containing a test and proposed fix based on current trunk r17197.

Holger Just of Planio identified the bug and developed the attached fix.

0001-Ignore-archived-project-memberships-when-calculating.patch Magnifier (2.3 KB) Gregor Schmidt, 2018-02-12 14:25

Associated revisions

Revision 17257
Added by Go MAEDA 3 months ago

Ignore archived project memberships when calculating issue query visibility (#28180).

Patch by Holger Just.

Revision 17258
Added by Go MAEDA 3 months ago

Merged r17257 from trunk to 3.4-stable (#28180).

History

#1 Updated by Go MAEDA 3 months ago

  • Target version set to 4.1.0

Confirmed that the problem is reproducible and the patch can fix it. Setting target version to 4.1.0.

#2 Updated by Go MAEDA 3 months ago

  • Target version changed from 4.1.0 to 3.4.5

This patch can be merged to 3.4-stable.

#3 Updated by Go MAEDA 3 months ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed. Thank you for your contribution.

Also available in: Atom PDF