Project

General

Profile

Actions
Copy link

Defect #19693

open

Context menu is unaware of the field permissions

Added by Anonymous over 9 years ago. Updated over 9 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:
3.0.1

Description

User can see the field via context menu even if that field is not visible for that user.
Steps to reproduce: Create a custom filed with visibility set for Manager only. Log in as member and from the issue list, right click on the issue to see the hidden field.

Files

Download all files
member.png (11.4 KB) member.png Toshi MARUYAMA, 2015-04-23 08:29
admin.png (29.2 KB) admin.png Toshi MARUYAMA, 2015-04-23 08:29
bool.png (42.2 KB) bool.png Toshi MARUYAMA, 2015-04-23 08:29
CustomField Rating.png (17.6 KB) CustomField Rating.png Anonymous, 2015-04-23 13:10
non_member_view.png (69.3 KB) non_member_view.png Anonymous, 2015-04-23 13:13
CustomFieldRating.png (17.6 KB) CustomFieldRating.png Anonymous, 2015-04-23 13:20
Admin_issue_view.png (64.8 KB) Admin_issue_view.png Anonymous, 2015-04-23 13:31
non_member_issue_view.png (63.4 KB) non_member_issue_view.png Anonymous, 2015-04-23 13:31
Actions
Copy link
 #1

Updated by Toshi MARUYAMA over 9 years ago

I cannot reproduce on trunk r14192.



Actions
Copy link
 #2

Updated by Anonymous over 9 years ago

Toshi MARUYAMA wrote:

I cannot reproduce on trunk r14192.



I've tried in a public project and restricted the access to some of the members

I'm seeing this field as non member too

But non member is not able to see these fields in the issues view
I also had the same issue with redmine 3.0.1
But the one I was able to show is with 2.5.1.stable

Environment:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p231 (2012-05-25) [i386-mingw32]
Rails version 3.2.17
Environment production
Database adapter Mysql2

Actions
Copy link
 #3

Updated by Anonymous over 9 years ago

Actions
Copy link
 #4

Updated by Anonymous over 9 years ago


Admin can see the two fields in the issue view


Non member is not able to see them there (this is correct) But he is able to see it in the context menu as in the above image

Actions
Copy link
 #5

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from Needs feedback to Closed
  • Resolution set to Cant reproduce

Anonymous wrote:

Environment:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p231 (2012-05-25) [i386-mingw32]

Too old.

I tried list type custom filed on trunk, but I cannot reproduce.

Reporter deleted his account, so we cannot continue to discuss.

Actions
Copy link
 #6

Updated by alex dl over 9 years ago

It can reproduced if we give add/edit issues permission to non member in a public project

Actions
Copy link
 #7

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from Closed to New
  • Resolution deleted (Cant reproduce)
Actions
Copy link
 #8

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from New to Needs feedback

alex dl wrote:

It can reproduced if we give add/edit issues permission to non member in a public project

I cannot reproduce.

Actions
Copy link
 #9

Updated by Toshi MARUYAMA over 9 years ago

  • Related to Defect #19163: Bulk edit form shows additional custom fields added
Actions
Copy link
 #10

Updated by Toshi MARUYAMA over 9 years ago

  • Related to deleted (Defect #19163: Bulk edit form shows additional custom fields)
Actions
Copy link
 #11

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from Needs feedback to Closed
  • Resolution set to Duplicate

I think this is duplicate of #19163.

Actions
Copy link
 #12

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from Closed to New
  • Resolution deleted (Duplicate)
Actions
Copy link
 #13

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from New to Needs feedback
Actions
Copy link
 #14

Updated by Toshi MARUYAMA over 9 years ago

Toshi MARUYAMA wrote:

I think this is duplicate of #19163.

Sorry, #19163 fixed bulk edit form opened from context menu.
I still cannot reproduce this issue.

Actions
Copy link
 #15

Updated by Tomasz O over 9 years ago

I have the same problem on:

Redmine version                3.0.2.stable
 Ruby version                   1.9.3-p484 (2013-11-22) [x86_64-linux]
 Rails version                  4.2.1
 Environment                    production
 Database adapter               Mysql2
 (all plug-ins disabled)

My permissions are defined as below:

Please note that:
1. Target version should be 'read-only' since 'submitted', and the custom field 'resolution' should be read-only since stpassed
2. Custom field 'reason for nochange' should be 'required' and visible for 'nochange' status

I am trying to set status to 'nochange'

and I can see the following

1. Fields 'Target version' and 'resolution' are still available for edit
2. The custom field 'reason for nochange' is not displayed - although there is prompt that it can not be empty.
3. When I am selecting another value from the 'Status' list all fields remain unchanged, whereas some should become required or read-only.

I hope this helps with reproducing and solving this issue.
Tomek

Actions
Copy link
 #16

Updated by Toshi MARUYAMA over 9 years ago

  • Status changed from Needs feedback to New
Actions
Copy link

Also available in: Atom PDF