ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leila Mekika (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-7741) Address scope peculiarities within search/find functionality of projectmgr
Date Thu, 26 Apr 2018 09:08:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-7741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453723#comment-16453723
] 

Leila Mekika commented on OFBIZ-7741:
-------------------------------------

Hello [~pfm.smits],

I tried to reproduce in a recent trunk and didn't encounter the problem.

I tested it with DemoEmployee1 and DemoEmployee3 who can only see their project

Do you always encounter the problem ? And if yes, can you give us details (user, etc) so that
we can reproduce ?

Thanks

> Address scope peculiarities within search/find functionality of projectmgr
> --------------------------------------------------------------------------
>
>                 Key: OFBIZ-7741
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7741
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: projectmgr
>            Reporter: Pierre Smits
>            Priority: Critical
>
> Currently the search/find functions in the projectmgr component also retrieves projects
a user is not a participant in. This is especially critical regarding projects with scope
'WES_PRIVATE - private' or 'WES_CONFIDENTIAL - confidential'.
> These project may only be search for/found by users that are exlicit participants of
the projects. This over ruless the generic permissions of 'PROJECTMGR_ADMIN' or 'PROJECTMGR_VIEW'.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message