Edgewall Software

Opened 6 years ago

Last modified 5 years ago

#11176 closed enhancement

Fine-grained permission checks should be enforced on the Report list page — at Initial Version

Reported by: Ryan J Ollos <ryan.j.ollos@…> Owned by:
Priority: normal Milestone: 1.0.2
Component: report system Version: 1.0-stable
Severity: normal Keywords: permissions authzpolicy report
Cc: Branch:
Release Notes:
API Changes:


If a user doesn't have permission to view a report because of the TracFineGrainedPermissions policy, then on the Report list page (/report):

  • The link should be inactive and have the forbidden styling.
  • The report description should not be shown.

Here is an example in which the user only has permission to view reports 1 and 4.

anonymous = REPORT_VIEW

anonymous = REPORT_VIEW

* =

Change History (2)

by Ryan J Ollos <ryan.j.ollos@…>, 6 years ago

Attachment: ReportList.png added

by Ryan J Ollos <ryan.j.ollos@…>, 6 years ago

Attachment: ReportList2.png added
Note: See TracTickets for help on using tickets.