0026199: Global access level overrides project access rights - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0026199	mantisbt	security	public	2019-09-27 12:04	2019-10-07 16:50

Reporter	mcmo	Assigned To	atrol
Priority	high	Severity	major	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	2.1.0

Summary	0026199: Global access level overrides project access rights
Description	dear All I just noticed a really bothering issue: we have the following defined the following access levels: $g_access_levels_enum_string = '1:unassigned,5:customer_viewer,10:viewer,35:customer_updater,40:updater,50:assignable_reseller,55:developer,60:support_team_member,70:manager,71:manager_not_notified,90:administrator'; if I create two users dev1 and dev2 whose global access level is developper, and if I create two private projects A and B, if I give the project access level developer to dev1 into A and to dev2 into B, but no local access level for dev1 into B and dev2 into A, then: 1 - dev1 and dev2 can be assigned tickets in both projects 2 - dev1 and dev2 can access both projects as developpers! has that been fixed in more recent versions than 2.1? Thanks in advance
Tags	No tags attached.

mcmo 2019-09-27 12:20 reporter ~0062923	Hi all this was caused by a too low value of g_private_project_threshold . this can be closed. sorry for the disturbance