MantisBT - v1.2 Release (Closed)
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000284v1.2 Release (Closed)[All Projects] Generalpublic2009-10-06 11:342009-12-08 19:01
Reporterachiele 
Assigned Tocaseydk 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version1.2 
Summary0000284: The W2P is allowing delete files linked to a project that the user not participating in the project.
DescriptionIn the File menu (Folder Explorer), the W2P is allowing delete files linked to a project that the user not participating in the project. In addition to the Folder Explorer is listing all the files to the user. Initially, the Folder Explorer does not list the files already solve (this already another bug).
TagsNo tags attached.
Relationships
related to 0000295closed caseydk Task Access security circumvented by files module 
Attached Filesjpg user_no_permission_project1.jpg (45,280) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=59&type=bug
jpg

jpg file_upload_project.jpg (45,890) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=60&type=bug
jpg

jpg folder_explorer.jpg (12,971) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=61&type=bug
jpg

jpg delete.jpg (22,479) 1969-12-31 16:00
https://bugs.web2project.net/file_download.php?file_id=62&type=bug
jpg

Notes
(0000543)
caseydk   
2009-10-08 20:54   
I've investigated this issue.

If a user is not assigned to a Project, they're still allowed to see it. If you want to hide a Project's Files, you should deny View permissions to that Project.
(0000549)
achiele   
2009-10-09 05:26   
OK, but in my case the user have not permissions to project module.
I put print screens in attach.

NOTE: I upload file with my login (administrator) and delete with another user without permission module project.
Thanks
(0000553)
pepe   
2009-10-16 05:14   
(Last edited: 2009-10-22 02:06)
Hi all,

It seems that I have seen the same problem (cf. http://web2project.net/forums/viewtopic.php?t=1227 )

It seems that it's linked no ? (in this topic, user can access to all the files, including the files of other projects).

Cheers,


pepe
(0000557)
pepe   
2009-10-22 02:03   
Hi, I haved added a screenshot of the problem of the folder explorer in this forum topics : http://web2project.net/forums/viewtopic.php?t=1227
(0000633)
caseydk   
2009-12-07 20:47   
Resolved for the v1.2 release.

Issue History
Date ModifiedUsernameFieldChange
2009-10-06 11:34achieleNew Issue
2009-10-08 20:54caseydkNote Added: 0000543
2009-10-08 20:54caseydkStatusnew => feedback
2009-10-09 05:21achieleFile Added: user_no_permission_project1.jpg
2009-10-09 05:22achieleFile Added: file_upload_project.jpg
2009-10-09 05:22achieleFile Added: folder_explorer.jpg
2009-10-09 05:22achieleFile Added: delete.jpg
2009-10-09 05:26achieleNote Added: 0000549
2009-10-16 05:14pepeNote Added: 0000553
2009-10-16 08:52pepeNote Edited: 0000553
2009-10-16 08:54pepeNote Edited: 0000553
2009-10-16 08:56pepeNote Edited: 0000553
2009-10-19 10:08caseydkProjectv1.1 Release (Closed) => v1.2 Release (Closed)
2009-10-22 02:03pepeNote Added: 0000557
2009-10-22 02:06pepeNote Edited: 0000553
2009-11-09 21:52caseydkRelationship addedrelated to 0000295
2009-11-17 20:42caseydkPrioritynormal => high
2009-12-07 20:47caseydkStatusfeedback => resolved
2009-12-07 20:47caseydkResolutionopen => fixed
2009-12-07 20:47caseydkAssigned To => caseydk
2009-12-07 20:47caseydkNote Added: 0000633
2009-12-08 19:01caseydkStatusresolved => closed
2009-12-08 19:01caseydkFixed in Version => 1.2