Vote #76314
未完了Context menu is unaware of the field permissions
0%
説明
User can see the field via context menu even if that field is not visible for that user.
Steps to reproduce: Create a custom filed with visibility set for Manager only. Log in as member and from the issue list, right click on the issue to see the hidden field.
journals
I cannot reproduce on trunk r14192.
!bool.png!
!admin.png!
!member.png!
--------------------------------------------------------------------------------
Toshi MARUYAMA wrote:
> I cannot reproduce on trunk r14192.
>
> !bool.png!
> !admin.png!
> !member.png!
I've tried in a public project and restricted the access to some of the members
!CustomFieldRating.png!
I'm seeing this field as non member too
!non_member_view.png!
But non member is not able to see these fields in the issues view
I also had the same issue with redmine 3.0.1
But the one I was able to show is with 2.5.1.stable
Environment:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p231 (2012-05-25) [i386-mingw32]
Rails version 3.2.17
Environment production
Database adapter Mysql2
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
!Admin_issue_view.png!
Admin can see the two fields in the issue view
!non_member_issue_view.png!
Non member is not able to see them there (this is correct) But he is able to see it in the context menu as in the above image
--------------------------------------------------------------------------------
Anonymous wrote:
> Environment:
> Redmine version 2.5.1.stable
> Ruby version 1.9.3-p231 (2012-05-25) [i386-mingw32]
Too old.
I tried list type custom filed on trunk, but I cannot reproduce.
Reporter deleted his account, so we cannot continue to discuss.
--------------------------------------------------------------------------------
It can reproduced if we give add/edit issues permission to non member in a public project
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
alex dl wrote:
> It can reproduced if we give add/edit issues permission to non member in a public project
I cannot reproduce.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
I think this is duplicate of #19163.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Toshi MARUYAMA wrote:
> I think this is duplicate of #19163.
Sorry, #19163 fixed bulk edit form opened from context menu.
I still cannot reproduce this issue.
--------------------------------------------------------------------------------
I have the same problem on:
Redmine version 3.0.2.stable
Ruby version 1.9.3-p484 (2013-11-22) [x86_64-linux]
Rails version 4.2.1
Environment production
Database adapter Mysql2
(all plug-ins disabled)
My permissions are defined as below:
!http://static.pokazywarka.pl/bigImages/5872006/15200238.jpg?1431602605!
Please note that:
1. Target version should be 'read-only' since 'submitted', and the custom field 'resolution' should be read-only since stpassed
2. Custom field 'reason for nochange' should be 'required' and visible for 'nochange' status
I am trying to set status to 'nochange'
!http://static.pokazywarka.pl/bigImages/5872006/15200239.jpg?1431602605!
and I can see the following
!http://static.pokazywarka.pl/bigImages/5872006/15200240.jpg?1431602605!
1. Fields 'Target version' and 'resolution' are still available for edit
2. The custom field 'reason for nochange' is not displayed - although there is prompt that it can not be empty.
3. When I am selecting another value from the 'Status' list all fields remain unchanged, whereas some should become required or read-only.
I hope this helps with reproducing and solving this issue.
Tomek
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------