Project

General

Profile

Actions
Copy link

Defect #9405

closed

Any user with :log_time permission can edit time entries via context menu

Added by Jevgen Gyrynovych about 13 years ago. Updated almost 13 years ago.

Status:
Closed
Priority:
High
Assignee:
Jean-Philippe Lang
Category:
Time tracking
Target version:
1.2.3
Start date:
2011-10-11
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

In Redmine 1.2.0 or later any user can edit any time entries via context menu.
Example url: http://redmine/projects/testproject/time_entries and click right mouse button on any time entries.
img1.png - user have permission to edit any time entries
img2-4.png - user edit time entries without permission on it.

As you can see, user with permissions have icons for edit time report, but user without permissions can do this via context menu anyway.

PS: I set high priority to ticket. I think, this serious defect?

Files

Download all files
img1.png (16.7 KB) img1.png Jevgen Gyrynovych, 2011-10-11 19:31
img2.png (13.6 KB) img2.png Jevgen Gyrynovych, 2011-10-11 19:31
img3.png (16.9 KB) img3.png Jevgen Gyrynovych, 2011-10-11 19:31
img4.png (16.4 KB) img4.png Jevgen Gyrynovych, 2011-10-11 19:31
redmine.rb.patch (1.16 KB) redmine.rb.patch Jevgen Gyrynovych, 2011-11-25 15:40

Related issues

Related to Redmine - Feature #7996: Bulk edit and context menu for time entriesClosedToshi MARUYAMA

Actions
Actions
Copy link

Also available in: Atom PDF