View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026749 | mantisbt | authorization | public | 2020-02-27 03:31 | 2020-03-10 17:23 |
Reporter | jacekwww | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Product Version | 2.22.1 | ||||
Summary | 0026749: user has access to other projects. | ||||
Description | I attach a screenshot and extract from the database: select p.name AS Projekt, u.username AS USER FROM mantis_project_user_list_table AS l \ +--------------+---------+ | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Are all the displayed projects |
|
Unless projects are marked as private, all users have access to them; project_user_list table only contains overrides to the global access (for both public and private projects). Your SQL does not take that into consideration, please look at the query in user_api.php, function user_get_accessible_projects() for the correct logic. Since you did not provide this information, I assume that the projects you don't want to see (marked by the red X in your screenshot) are public. |
|
oh, thank you for the information and please close the issue. for debug:
EDIT (dregad): markdown |
|
Thanks for the feedback. |
|