Ticket #6949 (reopened defect)

Opened 2 years ago

Last modified 1 year ago

permission ondenial isn't working in special case

Reported by: dimitri.slavutsky@ict-se.de Assigned to: obs
Priority: high Component: BlackMagicTicketTweaksPlugin
Severity: blocker Keywords: ondenial, permissions, reports
Cc: Trac Release: 0.11

Description

Hi! I got a problem using this option. The case: - I got a field "initial_effort" 

[blackmagic]
tweaks = initial_effort
initial_effort.hide = false
initial_effort.ondenial = hide
initial_effort.permission = TRAC_ADMIN

- someone with permissions creates a custom report query and selects a initial_effort as a column - Sames this report - If someone without permission selects this report he can see this column with values.

In all other cases it seems to work properly.

Attachments

Change History

04/11/10 03:50:16 changed by obs

  • status changed from new to assigned.

Issue verified with trac 0.11.7, creating patch.

04/11/10 06:40:09 changed by obs

Issue fixed.

I've left it so the column remains but if the ondenial is set to "hide" the value will be replaced with a "-" this is the simplest way of doing it and also allows individual values to be show when using permission such as TICKET_IS_OWNER

04/11/10 06:41:24 changed by obs

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [7835]) fixed issue where users can see fields in reports that they don't have access to. Fixes #6949

09/23/10 11:20:50 changed by louise.howells@shropshire.gov.uk

  • keywords changed from ondenial, permissions to ondenial, permissions, reports.
  • priority changed from normal to high.
  • status changed from closed to reopened.
  • resolution deleted.
  • severity changed from normal to blocker.

Hi I seem to be having a similar problem. I have a custom field called name and the following in the ini file.

name.hide= false name.ondenial = hide name.permission = REPORT_CHAMP tweaks = name (plus a few others I need to tweak)

I have set the permission policies up in the ini file too.

When I create report that includes the name field it hides it when an anonymous user is viewing it (as expected). When I log in with a username that has been given the correct permission (REPORT_CHAMP) the field still does not show. When I click through to the ticket to see more information the name field is still missing.

It only seems to be half working for me. I have the newest version of the plugin and tried everything I can think of.

please help! It is a show show stopper for me because I can not truly hide all the sensitive fields.

Add/Change #6949 (permission ondenial isn't working in special case)




Change Properties
Action