View Issue Details

IDProjectCategoryView StatusLast Update
0023232mantisbtfilterspublic2017-10-08 23:52
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.6.0 
Target Version2.7.0Fixed in Version2.7.0 
Summary0023232: Custom field is showed in filter when the user has not view access
Description

The filter form populates all custom fields when the current project is ALL_PROJECTS
Having, for example:

  • A custom field assigned to a private project
  • The custom field view threshold is defined as "manager"
  • The user is member of said project, with access level "reporter"

If the user has selected "all projects", the custom field appear in the filter form, even when he shouldn't be able to view any value, and wouldn't have any visible value to filter on.

TagsNo tags attached.

Relationships

child of 0023443 closedcproensa Fixes related to custom fields on filters, columns and visibility 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master b139b96d

2017-08-15 18:21:42

cproensa


Committer: dregad Details Diff
Include custom fields from all included projects

When retrieving custom fields to show in the filter form, evaluate all
projects included in the filter scope.
Previously, evaluation of subprojects only happened when filtering from
ALL_PROJECTS.

Additionally, check access level for the defined view threshold, to only
show those custom fields that are viewable by the user

Fixes: 0005713, 0023232
mod - core/filter_form_api.php Diff File

Issue History

Date Modified Username Field Change
2017-08-16 20:35 cproensa New Issue
2017-08-16 20:39 cproensa Assigned To => cproensa
2017-08-16 20:39 cproensa Status new => assigned
2017-10-07 12:45 dregad Changeset attached => MantisBT master b139b96d
2017-10-07 12:45 cproensa Status assigned => resolved
2017-10-07 12:45 cproensa Resolution open => fixed
2017-10-07 12:45 cproensa Fixed in Version => 2.7.0
2017-10-07 13:33 atrol Target Version => 2.7.0
2017-10-08 11:50 cproensa Relationship added child of 0023443
2017-10-08 23:52 vboctor Status resolved => closed