You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Leila Mekika (JIRA)" <ji...@apache.org> on 2018/04/26 09:08:00 UTC
[jira] [Commented] (OFBIZ-7741) Address scope peculiarities within
search/find functionality of projectmgr
[ https://issues.apache.org/jira/browse/OFBIZ-7741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453723#comment-16453723 ]
Leila Mekika commented on OFBIZ-7741:
-------------------------------------
Hello [~pfm.smits],
I tried to reproduce in a recent trunk and didn't encounter the problem.
I tested it with DemoEmployee1 and DemoEmployee3 who can only see their project
Do you always encounter the problem ? And if yes, can you give us details (user, etc) so that we can reproduce ?
Thanks
> Address scope peculiarities within search/find functionality of projectmgr
> --------------------------------------------------------------------------
>
> Key: OFBIZ-7741
> URL: https://issues.apache.org/jira/browse/OFBIZ-7741
> Project: OFBiz
> Issue Type: Improvement
> Components: projectmgr
> Reporter: Pierre Smits
> Priority: Critical
>
> Currently the search/find functions in the projectmgr component also retrieves projects a user is not a participant in. This is especially critical regarding projects with scope 'WES_PRIVATE - private' or 'WES_CONFIDENTIAL - confidential'.
> These project may only be search for/found by users that are exlicit participants of the projects. This over ruless the generic permissions of 'PROJECTMGR_ADMIN' or 'PROJECTMGR_VIEW'.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)