Defect #28180
closed
Role-base cross-project issue query visibility calculated incorrectly
0%
Description
When saving a cross-project issue query and selecting role based visibility, the permission checks don't filter properly for archived projects (although this is generally done for global permissions).
An example: There's a "Manager's only" issue query. Paul and Perter are both managers and able to see the query. Now Paul's project is finished and his project is archived. Expected behaviour: He is no longer able to see the "Manager's only" view - in the same way he's no longer able to create new project. Desired behaviour: He should not be able to access the "Manager's only" view anymore.
Attached you may find a patch containing a test and proposed fix based on current trunk r17197.
Holger Just of Planio identified the bug and developed the attached fix.
Files
Updated by Go MAEDA about 7 years ago
- Target version set to 4.1.0
Confirmed that the problem is reproducible and the patch can fix it. Setting target version to 4.1.0.
Updated by Go MAEDA about 7 years ago
- Target version changed from 4.1.0 to 3.4.5
This patch can be merged to 3.4-stable.
Updated by Go MAEDA about 7 years ago
- Status changed from New to Closed
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed. Thank you for your contribution.