View Issue Details

IDProjectCategoryView StatusLast Update
0023223mantisbtfilterspublic2017-10-08 23:52
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.6.0 
Target Version2.7.0Fixed in Version2.7.0 
Summary0023223: Custom fields filter does not account for read access at project level
Description

Filtering by a custom field value can show issues that matches the searched value, but the user does not have read access for according to that issue's project.

Example:
Having projects A, and B which is subrpoject of A. Both private.
A custom field CF defined with "manager" read access
A user that is member of project A as manager, and B as reporter.

When the user is set is project A, and use a simple filter to search for the custom field value, issues from project B appear, even if the actual custom field value is not showed (it shows as empty, or 0)

TagsNo tags attached.

Relationships

child of 0023443 closedcproensa Fixes related to custom fields on filters, columns and visibility 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master fd38b5d3

2017-08-15 20:34:22

cproensa


Committer: dregad Details Diff
Account for project permission on custom fields filter

When filtering on custom fields, return only issues where the custom
fields is viewable by the user according to each project access level.

Fixes: 0023223
mod - core/filter_api.php Diff File

Issue History

Date Modified Username Field Change
2017-08-15 11:56 cproensa New Issue
2017-08-16 13:17 cproensa Assigned To => cproensa
2017-08-16 13:17 cproensa Status new => assigned
2017-10-07 12:45 dregad Changeset attached => MantisBT master fd38b5d3
2017-10-07 12:45 cproensa Status assigned => resolved
2017-10-07 12:45 cproensa Resolution open => fixed
2017-10-07 12:45 cproensa Fixed in Version => 2.7.0
2017-10-07 13:33 atrol Target Version => 2.7.0
2017-10-08 11:50 cproensa Relationship added child of 0023443
2017-10-08 23:52 vboctor Status resolved => closed