Patch #29162

closed

Only allow visible custom fields as aggregation criteria in time reports

Added by Holger Just over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Time tracking
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

In time reports, the user can currently select any custom field defined in the Redmine system as an aggregation criterion. This can lead to confusion since the returned data might not reflect the custom field or might even lead to an information leak regarding the existence of a hidden custom field. The data returned in the report itself is correctly filtered so that the field is only considered if it is actually visible to the current user.

The attached patch filters the custom fields available as aggregation criteria in the report to only allow the use of visible custom fields.


Related issues

Related to Redmine - Patch #29161: Avoid SQL errors when adding a project custom field as a time report criteria (Closed, Go MAEDA)

Actions #1

Updated by Holger Just over 5 years ago

  • Related to Patch #29161: Avoid SQL errors when adding a project custom field as a time report criteria added
Actions #2

Updated by Holger Just over 5 years ago

With just this patch, we can avoid the consequences of #29161 (at least I have not found any other place where this is an issue). Still, we should also apply #29161 to make the method safe to use for ProjectCustomFields.

Actions #3

Updated by Go MAEDA over 5 years ago

  • Target version set to Candidate for next minor release
Actions #4

Updated by Go MAEDA over 5 years ago

I confirmed the problem. Setting the target version to 3.3.9.

Actions #5

Updated by Go MAEDA over 5 years ago

  • Status changed from New to Resolved
  • Assignee set to Go MAEDA
Actions #6

Updated by Go MAEDA over 5 years ago

  • Status changed from Resolved to Closed
  • Target version changed from 3.3.9 to 4.0.0

Committed. Thank you for detecting and fixing this issue.
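
The filtering this issue describes, as an added example that is not part of the original thread and is not Redmine's own code: a minimal model showing how an unfiltered criteria list exposes a hidden field's label, and how restricting the list to visible fields also rejects a hand-crafted request for it. `CustomField`, `User`, `available_criteria`, `accepted_criteria` and the sample data are hypothetical names and constructed values.

```ruby
# Added illustration; CustomField, User and the helper names are hypothetical,
# not Redmine's classes.
CustomField = Struct.new(:id, :name, :visible, :role_ids) do
  # Visible when flagged visible to all, or when the user holds an allowed role.
  def visible_to?(user)
    visible || !(role_ids & user.role_ids).empty?
  end
end
User = Struct.new(:login, :role_ids)

# Build the map of selectable aggregation criteria ("cf_<id>" => label).
# only_visible: false models the behaviour before the fix (every defined field).
def available_criteria(fields, user, only_visible:)
  pool = only_visible ? fields.select { |f| f.visible_to?(user) } : fields
  pool.each_with_object({}) { |f, h| h["cf_#{f.id}"] = f.name }
end

# Keep only requested criteria present in the available map, so a hand-crafted
# request parameter cannot reintroduce a field that was never offered.
def accepted_criteria(requested, available)
  requested.select { |key| available.key?(key) }
end

# Constructed sample data.
FIELDS = [
  CustomField.new(1, "Cost center", true, []),
  CustomField.new(2, "Internal audit flag", false, [10]) # restricted to role 10
].freeze
REPORTER = User.new("reporter", [20])
AUDITOR  = User.new("auditor", [10])

def demo
  before = available_criteria(FIELDS, REPORTER, only_visible: false)
  after  = available_criteria(FIELDS, REPORTER, only_visible: true)
  auditor = available_criteria(FIELDS, AUDITOR, only_visible: true)
  {
    leaked_labels: before.values - after.values,
    reporter_accepts: accepted_criteria(%w[cf_1 cf_2], after),
    auditor_accepts: accepted_criteria(%w[cf_1 cf_2], auditor)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```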
