Defect #19187
closed
Roadmap links in subproject
0%
Description
I have redmine with Project1 and Subproject2. There are two versions in Project1: Ver1 and Ver2, both shared with subprojects.
Then I have two users: Admin1 and User2.
Admin can view everything. User2 is assigned to Subproject2.
There are 2 issues in Project1/Ver1, 3 in Project1/Ver2 and 4 in Subproject2/Ver1.
For User2 links in roadmap are broken. They all link to Project1. Numbers are wrong too, this particular user should see only 4 issues, and not everything from Project1 - 9 issues. Links points to Project1 so they give 403 for that user.
I think that version.issue count should include permissions. Links should point to right context which is actual project.
Or maybe there should be more links for more cotexts like:
9 issues (0 closed — 9 open) - Project1
4 issues (0 closed — 4 open) - Subproject1/Ver2
Right now this place constantly gives 403 error, users are not allowed to view parent project, they expect to see their context (smaller number of issues and query from actual project).
Files
Related issues
Updated by Toshi MARUYAMA over 9 years ago
- Related to Defect #15248: Ticket count in roadmap view wrong added
Updated by Toshi MARUYAMA over 9 years ago
- Related to Defect #19059: Wrong number of issues for a version in the roadmap added
Updated by
Updated by Marius BĂLTEANU almost 7 years ago
Updated by Marius BĂLTEANU over 6 years ago
@Go Maeda, can you take a look on this issue and my last comment? I really think that it is important to add this ticket and the related one to the changelog.
Updated by Go MAEDA over 6 years ago
Marius BALTEANU wrote:
In case of #27676 will not be made public, I propose to add this issue to version 4.0.0 because it deserve to be in the changelog, it is an important fix.
Do you think it will be OK if #27676 appears in the changelog like other security issues? If so, I will set #27676's target version to 4.0.0 and commit the test you wrote as a part of #27676.
Updated by Marius BĂLTEANU over 6 years ago
Go MAEDA wrote:
Do you think it will be OK if #27676 appears in the changelog like other security issues? If so, I will set #27676's target version to 4.0.0 and commit the test you wrote as a part of #27676.
Sounds good to me.
That means we can close these two tickets (this one and #19059) with resolution "Duplicate"?
Updated by Go MAEDA over 6 years ago
- Status changed from New to Closed
- Resolution set to Duplicate
Updated by Go MAEDA over 6 years ago
- Is duplicate of Patch #27676: Information leak on roadmap and versions view added