Anonymous Login
2018-10-16 19:03 PDT

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000284v1.2 Release (Closed)[All Projects] Generalpublic2009-12-08 19:01
Reporterachiele 
Assigned Tocaseydk 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
Product Version 
Target VersionFixed in Version1.2 
Summary0000284: The W2P is allowing delete files linked to a project that the user not participating in the project.
DescriptionIn the File menu (Folder Explorer), the W2P is allowing delete files linked to a project that the user not participating in the project. In addition to the Folder Explorer is listing all the files to the user. Initially, the Folder Explorer does not list the files already solve (this already another bug).
TagsNo tags attached.
Attached Files

-Relationships
related to 0000295closedcaseydk Task Access security circumvented by files module 
+Relationships

-Notes

~0000543

caseydk (administrator)

I've investigated this issue.

If a user is not assigned to a Project, they're still allowed to see it. If you want to hide a Project's Files, you should deny View permissions to that Project.

~0000549

achiele (reporter)

OK, but in my case the user have not permissions to project module.
I put print screens in attach.

NOTE: I upload file with my login (administrator) and delete with another user without permission module project.
Thanks

~0000553

pepe (reporter)

Last edited: 2009-10-22 02:06

Hi all,

It seems that I have seen the same problem (cf. http://web2project.net/forums/viewtopic.php?t=1227 )

It seems that it's linked no ? (in this topic, user can access to all the files, including the files of other projects).

Cheers,


pepe

~0000557

pepe (reporter)

Hi, I haved added a screenshot of the problem of the folder explorer in this forum topics : http://web2project.net/forums/viewtopic.php?t=1227

~0000633

caseydk (administrator)

Resolved for the v1.2 release.
+Notes

-Issue History
Date Modified Username Field Change
2009-10-06 11:34 achiele New Issue
2009-10-08 20:54 caseydk Note Added: 0000543
2009-10-08 20:54 caseydk Status new => feedback
2009-10-09 05:21 achiele File Added: user_no_permission_project1.jpg
2009-10-09 05:22 achiele File Added: file_upload_project.jpg
2009-10-09 05:22 achiele File Added: folder_explorer.jpg
2009-10-09 05:22 achiele File Added: delete.jpg
2009-10-09 05:26 achiele Note Added: 0000549
2009-10-16 05:14 pepe Note Added: 0000553
2009-10-16 08:52 pepe Note Edited: 0000553
2009-10-16 08:54 pepe Note Edited: 0000553
2009-10-16 08:56 pepe Note Edited: 0000553
2009-10-19 10:08 caseydk Project v1.1 Release (Closed) => v1.2 Release (Closed)
2009-10-22 02:03 pepe Note Added: 0000557
2009-10-22 02:06 pepe Note Edited: 0000553
2009-11-09 21:52 caseydk Relationship added related to 0000295
2009-11-17 20:42 caseydk Priority normal => high
2009-12-07 20:47 caseydk Status feedback => resolved
2009-12-07 20:47 caseydk Resolution open => fixed
2009-12-07 20:47 caseydk Assigned To => caseydk
2009-12-07 20:47 caseydk Note Added: 0000633
2009-12-08 19:01 caseydk Status resolved => closed
2009-12-08 19:01 caseydk Fixed in Version => 1.2
+Issue History