| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0000127 | v1.0 Release (Closed) | [All Projects] General | public | 2009-04-06 18:59 | 2013-11-22 10:32 | ||||
| Reporter | dmarmga | ||||||||
| Assigned To | caseydk | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | |||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0000127: Inconsistent security behavior with projects / task assignment | ||||||||
| Description | Security for tasks / projects is inconsistent between functions resulting in potential security gaps or confusing security setup situations. Reproduction 1) Create a new test project 2) Create a test user 3) Assign the contract role to the test user 4) Assign full permissions (View - access) to the new project in step 0000001 5) Open the project and select "New Task" 6) Note that the test user does not appear in the Human resources selection box (Expectation is the user should be visible as he has been assigned to the project) 7) Open the project and select "Design this project" 8) Note that you can select the test user as a owner under the Actions pane. (This is as expected) | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |
| ||||||||
 Relationships |
|||||||||||
|
|||||||||||
 Relationships |
| Notes |
|
|
caseydk (administrator) 2009-04-19 18:24 |
This issue - along with quite a few others - are awaiting feedback from dmarmga. At present no one has been able to reproduce these... if I don't get useful information by May 1st, I'll have to close all of them. |
|
dmarmga (reporter) 2009-04-19 20:01 |
I am still able to replicate this issue with a clean install (no conversion) |
|
caseydk (administrator) 2009-04-27 21:24 |
Resolved in r386: - the Task Edit screen confirms that any listed user has rights to view the task, as it's [not smart] to allow a user to be assigned if they couldn't see the task... I've applied the same permissions check to the Project Designer's task assignment functionality; |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2009-04-06 18:59 | dmarmga | New Issue | |
| 2009-04-12 20:41 | caseydk | Relationship added | child of 0000134 |
| 2009-04-19 18:24 | caseydk | Note Added: 0000220 | |
| 2009-04-19 18:24 | caseydk | Status | new => feedback |
| 2009-04-19 20:01 | dmarmga | Note Added: 0000225 | |
| 2009-04-27 21:24 | caseydk | Status | feedback => resolved |
| 2009-04-27 21:24 | caseydk | Resolution | open => fixed |
| 2009-04-27 21:24 | caseydk | Assigned To | => caseydk |
| 2009-04-27 21:24 | caseydk | Note Added: 0000241 | |
| 2009-04-27 21:49 | caseydk | Relationship added | related to 0000128 |
| 2009-06-07 19:35 | caseydk | Status | resolved => closed |
| 2013-11-22 10:32 | caseydk | Category | a_n/a => System Admin |
| Issue History |