Vote #79139: Role-base cross-project issue query visibility calculated incorrectly - redmineorg-copy202205 - Redmine

編集操作

リンクをコピー

Vote #79139

完了

Role-base cross-project issue query visibility calculated incorrectly

Admin Redmine さんが3年以上前に追加. 3年以上前に更新.

ステータス:

Closed

優先度:

通常

担当者:

カテゴリ:

Issues filter_56

対象バージョン:

3.4.5_139

開始日:

2022/05/09

期日:

進捗率:

予定工数:

Redmineorg_URL:

https://www.redmine.org/issues/28180

category_id:

version_id:

139

issue_org_id:

28180

author_id:

14446

assigned_to_id:

332

comments:

status_id:

tracker_id:

plus1:

affected_version:

closed_on:

affected_version_id:

ステータス-->[Closed]

引用

説明

When saving a cross-project issue query and selecting role based visibility, the permission checks don't filter properly for archived projects (although this is generally done for global permissions).

An example: There's a "Manager's only" issue query. Paul and Perter are both managers and able to see the query. Now Paul's project is finished and his project is archived. Expected behaviour: He is no longer able to see the "Manager's only" view - in the same way he's no longer able to create new project. Desired behaviour: He should not be able to access the "Manager's only" view anymore.

Attached you may find a patch containing a test and proposed fix based on current trunk r17197.

Holger Just of Planio identified the bug and developed the attached fix.

journals

Confirmed that the problem is reproducible and the patch can fix it. Setting target version to 4.1.0.
--------------------------------------------------------------------------------
This patch can be merged to 3.4-stable.
--------------------------------------------------------------------------------
Committed. Thank you for your contribution.
--------------------------------------------------------------------------------