Edgewall Software

Opened 6 years ago

Last modified 4 years ago

#11176 closed enhancement

Fine-grained permission checks should be enforced on the Report list page — at Version 1

Reported by: Ryan J Ollos <ryan.j.ollos@…> Owned by:
Priority: normal Milestone: 1.0.2
Component: report system Version: 1.0-stable
Severity: normal Keywords: permissions authzpolicy report
Cc: Branch:
Release Notes:
API Changes:

Description (last modified by Ryan J Ollos <ryan.j.ollos@…>)

If a user doesn't have permission to view a report because of the TracFineGrainedPermissions policy, then on the Report list page (/report):

  • The link should be inactive and have the forbidden styling.
  • The report description should not be shown.

Here is an example in which the user only has permission to view reports 1 and 4.

[report:1]
anonymous = REPORT_VIEW

[report:4]
anonymous = REPORT_VIEW

[report:*]
* =

Change History (3)

by Ryan J Ollos <ryan.j.ollos@…>, 6 years ago

Attachment: ReportList.png added

by Ryan J Ollos <ryan.j.ollos@…>, 6 years ago

Attachment: ReportList2.png added

comment:1 by Ryan J Ollos <ryan.j.ollos@…>, 6 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.