Permission check mismatches button semantics
In source:/tags/4.2.0/app/views/issues/index.html.erb#L16 the link goes to the
issues tab of the project settings. The button is only shown if the user has the
manage_categories permission but the permission required for this tab is
Note that this is only a UI issue, the button might be shown to users that cannot see the tab that it links to or the button might not be shown to users that would be able to see the tab that it links too, but upon following the link the correct permission is checked. There also is no information disclosure associated with this issue.