Modify ↓
Opened 16 years ago
Closed 16 years ago
#6326 closed defect (fixed)
[PATCH] Available reports page checks wrong permission realm
| Reported by: | Owned by: | Christian Boos | |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.11 |
| Component: | report system | Version: | devel |
| Severity: | normal | Keywords: | permissions |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
Note: This got introduced with the context-refactoring.
When the report index page is displayed, permissions are checked against the ticket realm for each report id instead of the report realm. For each report, check_permissions is called for TICKET_VIEW instead of REPORT_VIEW. So if someone is denied access to ticket 2 they won't see report 2.
The attached patch changes the available reports query to return the realm column during results processing.
Attachments (1)
Change History (3)
by , 16 years ago
| Attachment: | report-realm-perms.diff added |
|---|
comment:1 by , 16 years ago
| Component: | ticket system → report system |
|---|---|
| Keywords: | permissions added |
| Milestone: | → 0.11 |
| Owner: | changed from to |
comment:2 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed in [6144].
The changeset is slightly different than your patch, as using the double-quote with PostgreSQL had some rather surprising side-effects…
Note:
See TracTickets
for help on using tickets.
Good catch!