Defect #37499
closedDefault query should not be applied if the query is not allowed to be set as the default
0%
Description
There are conditions on the queries that can be set as the default query. For example, the query you want to set as the global default or project default must be a public query.
However, you can set a non-public query as the default query with the following steps.
1. Create a public issue query
2. Set the query as the project default
3. Change the visibility of the query from "to any users" to "to me only"
4. Login with another user and open the "Issues" tab of the project. The user will get an error "403 You are not authorized to access this page"
To avoid the error, Redmine should not try to apply the default query when a query that is not allowed to be set as the default is the current default query.
Files
Related issues
Updated by Mizuki ISHIKAWA 8 months ago
- File fix-37499.patch fix-37499.patch added
Patch attached.
The default_project_query also has the same problem, so I have fixed it.
Updated by Holger Just 7 months ago
- Related to Patch #37608: Check visibility for passed user in IssueQuery.default added