Defect #28069

Queries 403 error if query author is not in the roles list

Added by Stephane Evr over 3 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:


Target version:-
Resolution: Affected version:


How to reproduce (with vanilla redmine 3.4):

- Go to a project where you are a member with Role A
- create a query and save it. make it visible to Role B
- Save the query

- Error 403

In my opinion, a query should always be visible to its author, provided that he has sufficient rights to access the project.

How to fix it:

In the case above, a simple check on user == self.user should fix the problem

Also available in: Atom PDF