View Issue Details

IDProjectCategoryView StatusLast Update
0023232mantisbtfilterspublic2017-10-08 23:52
Reportercproensa Assigned Tocproensa  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version2.6.0 
Target Version2.7.0Fixed in Version2.7.0 
Summary0023232: Custom field is showed in filter when the user has not view access
Description

The filter form populates all custom fields when the current project is ALL_PROJECTS
Having, for example:

  • A custom field assigned to a private project
  • The custom field view threshold is defined as "manager"
  • The user is member of said project, with access level "reporter"

If the user has selected "all projects", the custom field appear in the filter form, even when he shouldn't be able to view any value, and wouldn't have any visible value to filter on.

TagsNo tags attached.

Relationships

child of 0023443 closedcproensa Fixes related to custom fields on filters, columns and visibility 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master b139b96d

2017-08-15 14:21

cproensa

Committer: dregad


Details Diff
Include custom fields from all included projects

When retrieving custom fields to show in the filter form, evaluate all
projects included in the filter scope.
Previously, evaluation of subprojects only happened when filtering from
ALL_PROJECTS.

Additionally, check access level for the defined view threshold, to only
show those custom fields that are viewable by the user

Fixes: 0005713, 0023232
Affected Issues
0005713, 0023232
mod - core/filter_form_api.php Diff File