MantisBT - v1.1 Release (Closed)
View Issue Details
0000227v1.1 Release (Closed)[All Projects] Generalpublic2009-08-02 05:172009-09-09 22:41
Reporteregemme 
Assigned Tocaseydk 
PrioritynormalSeveritytweakReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.1 
Target VersionFixed in Version1.1 
Summary0000227: View other user's tasks/todo
DescriptionI migrated from dP 2.1.2 and testing w2p 1.1 trunk. I can only view partly other user's tasks or todos(2 out of 7). With few "echo" put hear and there in the code, I've been able to see that the w2PgetUsersList returns the correct full list of users. But isUserPermitted screens out most users. This part of w2P seems to have been heavily rewritten and would I need a clue to interpret how acl tools now deals with this function. I wish to see whether there is a bug there, or is it just a bad acl tables conversion.
TagsNo tags attached.
Attached Files

Notes
(0000375)
caseydk   
2009-08-02 17:24   
I'm playing with the latest trunk and not seeing any "errors" per se. In one of my installations, I'm looking at various tasks for lots of users without problems.

That said, we have worked hard at cleaning up and making permissions much more secure. Previously, if permissions were undefined on something, dotProject would give you access to it. And that's assuming permissions were applied at all - there were many places where they were not.

In web2project, we've made sure that permissions are applied *everywhere* in addition to not allowing access unless the ACL's specifically say so.
(0000383)
egemme   
2009-08-13 05:37   
Sorry for the delay I was in vacations out of town. I reworked my "project worker" role by adding "access" to "user table" and it worked. For a reason I can't remember, "access" to "user table" couldn't be securely given in dP without giving some extra unwanted permissions. At this time, you can close this issue.
(0000385)
caseydk   
2009-08-13 06:47   
Thanks for the update.

Any chance you'd be willing to add the problem and the fix to our FAQ page here: http://wiki.web2project.net/index.php?title=Category:Frequently_Asked_Questions ?
(0000452)
caseydk   
2009-09-09 22:41   
Closed for release.

Issue History
2009-08-02 05:17egemmeNew Issue
2009-08-02 17:24caseydkNote Added: 0000375
2009-08-02 17:24caseydkStatusnew => feedback
2009-08-13 05:37egemmeNote Added: 0000383
2009-08-13 06:47caseydkStatusfeedback => resolved
2009-08-13 06:47caseydkResolutionopen => fixed
2009-08-13 06:47caseydkAssigned To => caseydk
2009-08-13 06:47caseydkNote Added: 0000385
2009-09-09 22:41caseydkStatusresolved => closed
2009-09-09 22:41caseydkNote Added: 0000452
2009-09-09 22:41caseydkFixed in Version => 1.1