View Issue Details

IDProjectCategoryView StatusLast Update
0026199mantisbtsecuritypublic2019-10-07 16:50
Reportermcmo Assigned Toatrol  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionno change required 
Product Version2.1.0 
Summary0026199: Global access level overrides project access rights
Description

dear All
I just noticed a really bothering issue:
we have the following defined the following access levels:
$g_access_levels_enum_string = '1:unassigned,5:customer_viewer,10:viewer,35:customer_updater,40:updater,50:assignable_reseller,55:developer,60:support_team_member,70:manager,71:manager_not_notified,90:administrator';
if I create two users dev1 and dev2 whose global access level is developper, and if I create two private projects A and B, if I give the project access level developer to dev1 into A and to dev2 into B, but no local access level for dev1 into B and dev2 into A, then:
1 - dev1 and dev2 can be assigned tickets in both projects
2 - dev1 and dev2 can access both projects as developpers!

has that been fixed in more recent versions than 2.1?

Thanks in advance

TagsNo tags attached.

Activities

mcmo

mcmo

2019-09-27 12:20

reporter   ~0062923

Hi all
this was caused by a too low value of g_private_project_threshold .
this can be closed. sorry for the disturbance

Issue History

Date Modified Username Field Change
2019-09-27 12:04 mcmo New Issue
2019-09-27 12:20 mcmo Note Added: 0062923
2019-09-27 17:03 atrol Assigned To => atrol
2019-09-27 17:03 atrol Status new => resolved
2019-09-27 17:03 atrol Resolution open => no change required
2019-10-07 16:50 atrol Status resolved => closed