You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Michael Brohl (JIRA)" <ji...@apache.org> on 2019/03/07 12:30:00 UTC
[jira] [Commented] (OFBIZ-7741) Address scope peculiarities within
search/find functionality of projectmgr
[ https://issues.apache.org/jira/browse/OFBIZ-7741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786706#comment-16786706 ]
Michael Brohl commented on OFBIZ-7741:
--------------------------------------
Did you check this with other users except the admin users (admin, fulladmin)?
The admin user has full permissions in all applications so it is expected that he can see the projects.
> Address scope peculiarities within search/find functionality of projectmgr
> --------------------------------------------------------------------------
>
> Key: OFBIZ-7741
> URL: https://issues.apache.org/jira/browse/OFBIZ-7741
> Project: OFBiz
> Issue Type: Improvement
> Components: projectmgr
> Affects Versions: Trunk, 17.12.01, 16.11.04, 16.11.05
> Reporter: Pierre Smits
> Priority: Minor
> Attachments: projectmgr-projectsearch-admin.png, projectmgr-summary-admin.png
>
>
> Currently the search/find functions in the projectmgr component also retrieves projects a user is not a participant in. This is especially critical regarding projects with scope 'WES_PRIVATE - private' or 'WES_CONFIDENTIAL - confidential'.
> These project may only be search for/found by users that are exlicit participants of the projects. This over ruless the generic permissions of 'PROJECTMGR_ADMIN' or 'PROJECTMGR_VIEW'.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)