Defect #37499
closed
Default query should not be applied if the query is not allowed to be set as the default
0%
Description
There are conditions on the queries that can be set as the default query. For example, the query you want to set as the global default or project default must be a public query.
However, you can set a non-public query as the default query with the following steps.
1. Create a public issue query
2. Set the query as the project default
3. Change the visibility of the query from "to any users" to "to me only"
4. Login with another user and open the "Issues" tab of the project. The user will get an error "403 You are not authorized to access this page"
To avoid the error, Redmine should not try to apply the default query when a query that is not allowed to be set as the default is the current default query.
Files
Related issues
Updated by Mizuki ISHIKAWA almost 3 years ago
- File fix-37499.patch fix-37499.patch added
Patch attached.
The default_project_query also has the same problem, so I have fixed it.
Updated by Go MAEDA almost 3 years ago
- Subject changed from Default query should be ignored if the query is not allowed to be set as the default to Default query should not be applied if the query is not allowed to be set as the default
Updated by Go MAEDA almost 3 years ago
- Target version set to Candidate for next major release
Updated by Go MAEDA almost 3 years ago
- Target version changed from Candidate for next major release to 5.0.3
Setting the target version to 5.0.3.
Updated by Go MAEDA over 2 years ago
- Status changed from New to Resolved
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed the fix. Thank you.
Updated by Holger Just over 2 years ago
- Related to Patch #37608: Check visibility for passed user in IssueQuery.default added