Opened 17 years ago
Closed 17 years ago
#6326 closed defect (fixed)
[PATCH] Available reports page checks wrong permission realm
Reported by: | | Owned by: | Christian Boos |
---|---|---|---|
Priority: | normal | Milestone: | 0.11 |
Component: | report system | Version: | devel |
Severity: | normal | Keywords: | permissions |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
Note: This got introduced with the context-refactoring.
When the report index page is displayed, permissions are checked against the ticket realm for each report id instead of the report realm. For each report, check_permissions is called for TICKET_VIEW instead of REPORT_VIEW. So if someone is denied access to ticket 2 they won't see report 2.
The attached patch changes the available reports query to return the realm column during results processing.
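The failure described above, reproduced as an added example in a small self-contained model; it is not the attached patch, changeset [6144], or Trac's own code. The simplified `report` table, the deny set, and every function name are assumptions made for illustration, as is the rule that a row without a `realm` column is treated as a ticket.

```python
import sqlite3

# Constructed fine-grained policy: denied (action, realm, id) triples.
DENIED = {("TICKET_VIEW", "ticket", 2)}
ACTION_FOR_REALM = {"ticket": "TICKET_VIEW", "report": "REPORT_VIEW"}


def has_permission(action, realm, resource_id):
    # Everything is allowed except the explicitly denied triples.
    return (action, realm, resource_id) not in DENIED


def visible_rows(cursor, default_realm="ticket"):
    """Return the ids of the rows that pass a per-row permission check.

    Assumption of this model: a row with no 'realm' column is a ticket.
    """
    columns = [d[0] for d in cursor.description]
    visible = []
    for values in cursor.fetchall():
        row = dict(zip(columns, values))
        realm = row.get("realm", default_realm)
        if has_permission(ACTION_FOR_REALM[realm], realm, row["id"]):
            visible.append(row["id"])
    return visible


def make_db():
    # Constructed sample data, not a real Trac schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE report (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO report VALUES (?, ?)",
                   [(1, "Active Tickets"), (2, "My Tickets"), (3, "All Tickets")])
    return db


def list_reports_buggy(db):
    # No realm column: report ids are checked as ticket ids with TICKET_VIEW.
    return visible_rows(db.execute("SELECT id, title FROM report ORDER BY id"))


def list_reports_fixed(db):
    # The query names the realm, so REPORT_VIEW is checked on report:<id>.
    return visible_rows(db.execute(
        "SELECT id, title, 'report' AS realm FROM report ORDER BY id"))


if __name__ == "__main__":
    print("without realm column:", list_reports_buggy(make_db()))
    print("with realm column:   ", list_reports_fixed(make_db()))
```

With the realm column present, a deny rule on `ticket:2` no longer hides report 2, while a deny rule on `report:3` still hides report 3.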
Attachments (1)
Change History (3)
by , 17 years ago
Attachment: | report-realm-perms.diff added |
---|
comment:1 by , 17 years ago
Component: | ticket system → report system |
---|---|
Keywords: | permissions added |
Milestone: | → 0.11 |
Owner: | changed from | to
comment:2 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in [6144].
The changeset is slightly different than your patch, as using the double-quote with PostgreSQL had some rather surprising side-effects…
Good catch!