2017-11-20 05:30 PST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000227v1.1 Release (Closed)[All Projects] Generalpublic2009-09-09 22:41
Reporteregemme 
Assigned Tocaseydk 
PrioritynormalSeveritytweakReproducibilityalways
StatusclosedResolutionfixed 
Product Version1.1 
Target VersionFixed in Version1.1 
Summary0000227: View other user's tasks/todo
DescriptionI migrated from dP 2.1.2 and testing w2p 1.1 trunk. I can only view partly other user's tasks or todos(2 out of 7). With few "echo" put hear and there in the code, I've been able to see that the w2PgetUsersList returns the correct full list of users. But isUserPermitted screens out most users. This part of w2P seems to have been heavily rewritten and would I need a clue to interpret how acl tools now deals with this function. I wish to see whether there is a bug there, or is it just a bad acl tables conversion.
TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes

~0000375

caseydk (administrator)

I'm playing with the latest trunk and not seeing any "errors" per se. In one of my installations, I'm looking at various tasks for lots of users without problems.

That said, we have worked hard at cleaning up and making permissions much more secure. Previously, if permissions were undefined on something, dotProject would give you access to it. And that's assuming permissions were applied at all - there were many places where they were not.

In web2project, we've made sure that permissions are applied *everywhere* in addition to not allowing access unless the ACL's specifically say so.

~0000383

egemme (reporter)

Sorry for the delay I was in vacations out of town. I reworked my "project worker" role by adding "access" to "user table" and it worked. For a reason I can't remember, "access" to "user table" couldn't be securely given in dP without giving some extra unwanted permissions. At this time, you can close this issue.

~0000385

caseydk (administrator)

Thanks for the update.

Any chance you'd be willing to add the problem and the fix to our FAQ page here: http://wiki.web2project.net/index.php?title=Category:Frequently_Asked_Questions ?

~0000452

caseydk (administrator)

Closed for release.
+Notes

-Issue History
Date Modified Username Field Change
2009-08-02 05:17 egemme New Issue
2009-08-02 17:24 caseydk Note Added: 0000375
2009-08-02 17:24 caseydk Status new => feedback
2009-08-13 05:37 egemme Note Added: 0000383
2009-08-13 06:47 caseydk Status feedback => resolved
2009-08-13 06:47 caseydk Resolution open => fixed
2009-08-13 06:47 caseydk Assigned To => caseydk
2009-08-13 06:47 caseydk Note Added: 0000385
2009-09-09 22:41 caseydk Status resolved => closed
2009-09-09 22:41 caseydk Note Added: 0000452
2009-09-09 22:41 caseydk Fixed in Version => 1.1
+Issue History