Project

General

Profile

Actions

Patch #29162

closed

Only allow visible custom fields as aggregation criteria in time reports

Added by Holger Just over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Time tracking
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

In time reports, the user can currently select any custom field defined in the Redmine system as an aggregation criteria. This can lead to confusion since the returned data might not reflect the custom field or might even lead to an information leak regarding the existence of a hidden custom field. The data returned in the report itself is correctly filtered so that the field is only considered if it is actually visible to the current user.

The attached patch filters the custom fields available as aggregation criteria in the report to only allow the use of visible custom fields.


Files


Related issues

Related to Redmine - Patch #29161: Avoid SQL errors when adding a project custom field as a time report criteriaClosedGo MAEDA

Actions
Actions

Also available in: Atom PDF