View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0023223mantisbtfilterspublic2017-08-15 11:562017-10-08 23:52
Reportercproensa Assigned Tocproensa  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.6.0 
Target Version2.7.0Fixed in Version2.7.0 
Summary0023223: Custom fields filter does not account for read access at project level
Description

Filtering by a custom field value can show issues that matches the searched value, but the user does not have read access for according to that issue's project.

Example:
Having projects A, and B which is subrpoject of A. Both private.
A custom field CF defined with "manager" read access
A user that is member of project A as manager, and B as reporter.

When the user is set is project A, and use a simple filter to search for the custom field value, issues from project B appear, even if the actual custom field value is not showed (it shows as empty, or 0)

TagsNo tags attached.

Relationships

child of 0023443 closedcproensa Fixes related to custom fields on filters, columns and visibility 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master fd38b5d3

2017-08-15 16:34

cproensa

Committer: dregad


Details Diff		 Account for project permission on custom fields filter

When filtering on custom fields, return only issues where the custom
fields is viewable by the user according to each project access level.

Fixes: 0023223		 Affected Issues
0023223
mod - core/filter_api.php Diff File