| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0001631 | v3.4 Release (Current) | Projects | public | 2014-10-11 02:35 | 2019-01-03 12:53 | ||||
| Reporter | opto | ||||||||
| Assigned To | caseydk | ||||||||
| Priority | normal | Severity | minor | Reproducibility | have not tried | ||||
| Status | closed | Resolution | fixed | ||||||
| Product Version | |||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0001631: no of projects in tab title is wrong, not based on permissions | ||||||||
| Description | have a guest user with access to one company, access all projects, view one specific project he can see only one project. but the tabs hold the number of projects he cannot see (like 16 for in progress although his viewable project is in another status). He cannot view those projects, but should not see the number either | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
|
caseydk (administrator) 2014-10-11 20:19 |
I can't reproduce this one.. I've tried by taking an existing user and blocking them from seeing companies - sure enough the project counts go down - or by creating a new user and only giving them access to certain companies. And sure enough, they only see those companies' projects. Can you give me a bit more guidance on fixing this one? |
|
opto (manager) 2014-10-19 13:47 |
have a company with say 10 projects have a user with the following permissions: companies: access to one company only projects: access to all projects projects: view to one project (if not access to all projects, there is no projects itm in the top menu bar). no go to projects: all tabs give the number of projects in that tab in the tab name. The numbers are wrong because they are calculated without permissions in mind. Going into the tabs, the wrongly displayed projects cannot be accessed, but they should not be displayed either. This gives away their project names etc, which should not be accessible if the user has access and view to one project only. Is this clearer now? |
|
caseydk (administrator) 2014-11-21 21:37 |
Resolved: https://github.com/web2project/web2project/commit/4f0156a6f831673c5375a3dc705e414bb6df119a |
|
caseydk (administrator) 2019-01-03 12:53 |
In the 31 Dec 2018 release: http://docs.web2project.net/release-notes/3.4.html |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-10-11 02:35 | opto | New Issue | |
| 2014-10-11 02:58 | opto | Summary | no of projects in tabs is wrong, not based on permissions => no of projects in tab title is wrong, not based on permissions |
| 2014-10-11 20:19 | caseydk | Note Added: 0003675 | |
| 2014-10-11 20:19 | caseydk | Assigned To | => caseydk |
| 2014-10-11 20:19 | caseydk | Status | new => feedback |
| 2014-10-19 13:47 | opto | Note Added: 0003702 | |
| 2014-10-19 13:47 | opto | Status | feedback => assigned |
| 2014-11-21 21:37 | caseydk | Note Added: 0003719 | |
| 2014-11-21 21:37 | caseydk | Status | assigned => resolved |
| 2014-11-21 21:37 | caseydk | Fixed in Version | => 3.3 |
| 2014-11-21 21:37 | caseydk | Resolution | open => fixed |
| 2016-12-26 23:37 | caseydk | Project | v3.3 Release => v3.4 Release (Current) |
| 2019-01-03 12:53 | caseydk | Note Added: 0003924 | |
| 2019-01-03 12:53 | caseydk | Status | resolved => closed |
| Issue History |