Anonymous Login
2023-01-31 15:30 PST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000127v1.0 Release (Closed)[All Projects] Generalpublic2013-11-22 10:32
Reporterdmarmga 
Assigned Tocaseydk 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0000127: Inconsistent security behavior with projects / task assignment
DescriptionSecurity for tasks / projects is inconsistent between functions resulting in potential security gaps or confusing security setup situations.

Reproduction
1) Create a new test project
2) Create a test user
3) Assign the contract role to the test user
4) Assign full permissions (View - access) to the new project in step 0000001
5) Open the project and select "New Task"
6) Note that the test user does not appear in the Human resources selection box
(Expectation is the user should be visible as he has been assigned to the project)
7) Open the project and select "Design this project"
8) Note that you can select the test user as a owner under the Actions pane.
(This is as expected)
TagsNo tags attached.
Attached Files

-Relationships
related to 0000128closedcaseydk PHP crash on clicking "Task List" button under "My Tasks To Do" 
child of 0000134closedcaseydk Potential dotProject Conversion Issues 
+Relationships

-Notes

~0000220

caseydk (administrator)

This issue - along with quite a few others - are awaiting feedback from dmarmga. At present no one has been able to reproduce these... if I don't get useful information by May 1st, I'll have to close all of them.

~0000225

dmarmga (reporter)

I am still able to replicate this issue with a clean install (no conversion)

~0000241

caseydk (administrator)

Resolved in r386:
- the Task Edit screen confirms that any listed user has rights to view the task, as it's [not smart] to allow a user to be assigned if they couldn't see the task... I've applied the same permissions check to the Project Designer's task assignment functionality;
+Notes

-Issue History
Date Modified Username Field Change
2009-04-06 18:59 dmarmga New Issue
2009-04-12 20:41 caseydk Relationship added child of 0000134
2009-04-19 18:24 caseydk Note Added: 0000220
2009-04-19 18:24 caseydk Status new => feedback
2009-04-19 20:01 dmarmga Note Added: 0000225
2009-04-27 21:24 caseydk Status feedback => resolved
2009-04-27 21:24 caseydk Resolution open => fixed
2009-04-27 21:24 caseydk Assigned To => caseydk
2009-04-27 21:24 caseydk Note Added: 0000241
2009-04-27 21:49 caseydk Relationship added related to 0000128
2009-06-07 19:35 caseydk Status resolved => closed
2013-11-22 10:32 caseydk Category a_n/a => System Admin
+Issue History