| Anonymous | Login | Signup for a new account | 2010-09-03 06:26 MDT |
| Main | My View | View Issues | Change Log | Roadmap | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0000254 | [v1.2 Release (Closed)] Tasks | major | always | 2009-09-12 07:14 | 2009-12-08 21:07 | ||
| Reporter | mpohoril | View Status | public | ||||
| Assigned To | pedroa | ||||||
| Priority | normal | Resolution | fixed | ||||
| Status | closed | Product Version | 1.1 | ||||
| Summary | 0000254: Unauthorized view of compenies and users when assigning people to a task | ||||||
| Description |
Situation: 1. User1 belongs to Company1 and allowed to see all non-admin modules, except companies. user1 can only see Company1. 2. When User1 creates a new task for project (which, of course, belongs to Company1), he may only add task contacts, which belong to Company1 and Administrators (Admin roles), BUT! 3. If User1 selects an administrator for task contacts, closes selection window, ____ and then click "select contacts" again____, HE SEES ALL THE CONTACTS, WHICH ARE AVAILABLE TO ADMINISTRATOR, and this is a security problem. |
||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| Attached Files | |||||||
|
|
|||||||
 Relationships |
|
|
Notes |
|
|
(0000478) mpohoril (reporter) 2009-09-12 07:28 |
Some addition to the item2 of bug description: Administrators (Admin roles) are actually users, who do not belong to any company, but have administrative rights. If assigned to a company, different from Company1, they cannot be selected the way described before. But this is not the resolving of the bug itself. |
|
(0000590) caseydk (administrator) 2009-11-17 21:36 |
Resolved this one in r777 by applying the proper Company and Department permissions; |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-09-12 07:14 | mpohoril | New Issue | |
| 2009-09-12 07:15 | mpohoril | Issue Monitored: mpohoril | |
| 2009-09-12 07:28 | mpohoril | Note Added: 0000478 | |
| 2009-09-15 11:10 | caseydk | Project | v1.1 Release (Closed) => v1.2 Release (Closed) |
| 2009-09-22 11:19 | pedroa | Status | new => assigned |
| 2009-09-22 11:19 | pedroa | Assigned To | => pedroa |
| 2009-11-17 21:36 | caseydk | Status | assigned => resolved |
| 2009-11-17 21:36 | caseydk | Resolution | open => fixed |
| 2009-11-17 21:36 | caseydk | Note Added: 0000590 | |
| 2009-12-08 21:07 | caseydk | Status | resolved => closed |
| 2009-12-08 21:07 | caseydk | Fixed in Version | => 1.2 |
| Mantis 1.1.8[^] Copyright © 2000 - 2009 Mantis Group |  |
