Project

General

Profile

Actions

Defect #28264

closed

Global and public custom queries are shown as editable to non administrators in projects

Added by Bernhard Rohloff over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Issues
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

If a globally available custom query is created by the administrator it gets shown as editable for project members who have the "Manage public queries" right. Because they don't have the right to edit a global public query, they get the following error message:

403 You are not authorized to access this page.

... which I think is the intended behavior.

The exact issue is that the icons for edit and delete are incorrectly shown in the filter section.

Steps to reproduce the issue:

  • Login as administrator
  • Create a global and public query
  • Login as project member with right "Manage public queries"
  • Enter the "Issues" tab within a project
  • Select the global and public query

Expected result: The icons for edit and delete are not shown

Result: The icons to edit and delete the query are shown in the filter section

The global "Issues" tab for all projects shows the expected result.

It seems to me that #14239 and #17669 describe the same issue but not in the correct way.


Files


Related issues

Related to Redmine - Defect #17669: Non admin users can't modify public queries for all projectClosed

Actions
Related to Redmine - Defect #14239: Error 403 when trying to edit custom queryClosed

Actions
Related to Redmine - Defect #9108: Custom query not saving status filterClosedEtienne Massip2011-08-23

Actions
Actions

Also available in: Atom PDF