| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0026749 | mantisbt | authorization | public | 2020-02-27 03:31 | 2020-03-10 17:23 |
| Reporter | jacekwww | Assigned To | dregad | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Product Version | 2.22.1 | ||||
| Summary | 0026749: user has access to other projects. | ||||
| Description | I attach a screenshot and extract from the database: select p.name AS Projekt, u.username AS USER FROM mantis_project_user_list_table AS l \ +--------------+---------+ | ||||
| Tags | No tags attached. | ||||
 |
Are all the displayed projects |
 |
Unless projects are marked as private, all users have access to them; project_user_list table only contains overrides to the global access (for both public and private projects). Your SQL does not take that into consideration, please look at the query in user_api.php, function user_get_accessible_projects() for the correct logic. Since you did not provide this information, I assume that the projects you don't want to see (marked by the red X in your screenshot) are public. |
 |
oh, thank you for the information and please close the issue. for debug: EDIT (dregad): markdown |
|
|
Thanks for the feedback. |
