Project

General

Profile

Actions

Defect #20206

closed

Members w/o view issues permission are able to list issues on public projects if the non member role has the permission

Added by Toshi MARUYAMA over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Issues
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

Direct links return 403.
  • /issues/<id>
  • /projects/<id>/issues

But issues of project with no "View Issues" role are listed on "View all issues".


Related issues

Related to Redmine - Defect #19602: Non-Reporter role cannot see issue listNeeds feedback

Actions
Actions

Also available in: Atom PDF