Defect #28180
Role-base cross-project issue query visibility calculated incorrectly
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Go MAEDA | % Done: | 0% | |
| Category: | Issues filter | |||
| Target version: | 3.4.5 | |||
| Resolution: | Fixed | Affected version: |
Description
When saving a cross-project issue query and selecting role based visibility, the permission checks don't filter properly for archived projects (although this is generally done for global permissions).
An example: There's a "Manager's only" issue query. Paul and Perter are both managers and able to see the query. Now Paul's project is finished and his project is archived. Expected behaviour: He is no longer able to see the "Manager's only" view - in the same way he's no longer able to create new project. Desired behaviour: He should not be able to access the "Manager's only" view anymore.
Attached you may find a patch containing a test and proposed fix based on current trunk r17197.
Holger Just of Planio identified the bug and developed the attached fix.
Associated revisions
Ignore archived project memberships when calculating issue query visibility (#28180).
Patch by Holger Just.
History
#1
Updated by Go MAEDA about 2 years ago
- Target version set to 4.1.0
Confirmed that the problem is reproducible and the patch can fix it. Setting target version to 4.1.0.
#2
Updated by Go MAEDA about 2 years ago
- Target version changed from 4.1.0 to 3.4.5
This patch can be merged to 3.4-stable.
#3
Updated by Go MAEDA about 2 years ago
- Status changed from New to Closed
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed. Thank you for your contribution.