Defect #20469

Document Access

Added by santhosh narayana almost 7 years ago. Updated almost 7 years ago.

Status:Needs feedbackStart date:
Priority:NormalDue date:2015-09-05
Assignee:-% Done:

0%

Category:Documents
Target version:-
Resolution: Affected version:2.5.1

Description

Have two projects : Project1, Project2

Member1 assigned to Project1, Member2 assigned to Project2.

Member1 uploaded document, doc1 in one of the issue under Project1
Member2 uploaded document, doc2 in one of the issue under Project2

Member1 able to access doc2 !
https://<application.com>/requests_download/40924

Member2 able to access doc1 !
https://<application.com>/requests_download/40923

Found that anyone can access any document - document added in wiki page, file uploaded in an issue, documents added in "Files" module.

Please let us know how to fix this ?

History

#1 Updated by Jan Niggemann (redmine.org team member) almost 7 years ago

  • Due date set to 2015-09-05
  • Status changed from New to Needs feedback

How are the members and roles set up? Are both members administrators? Do both projects share same root (look at RedmineProjectSettings)?

Also available in: Atom PDF