Modify

Opened 14 years ago

Closed 4 years ago

#6949 closed defect (wontfix)

permission ondenial isn't working in special case

Reported by: dimitri.slavutsky@… Owned by: obs
Priority: high Component: BlackMagicTicketTweaksPlugin
Severity: blocker Keywords: ondenial, permissions, reports
Cc: Trac Release: 0.11

Description

Hi! I got a problem using this option. The case:

  • I got a field "initial_effort"
    [blackmagic]
    tweaks = initial_effort
    initial_effort.hide = false
    initial_effort.ondenial = hide
    initial_effort.permission = TRAC_ADMIN
    
  • someone with permissions creates a custom report query and selects a initial_effort as a column
  • Sames this report
  • If someone without permission selects this report he can see this column with values.

In all other cases it seems to work properly.

Attachments (0)

Change History (5)

comment:1 Changed 14 years ago by obs

Status: newassigned

Issue verified with trac 0.11.7, creating patch.

comment:2 Changed 14 years ago by obs

Issue fixed.

I've left it so the column remains but if the ondenial is set to "hide" the value will be replaced with a "-" this is the simplest way of doing it and also allows individual values to be show when using permission such as TICKET_IS_OWNER

comment:3 Changed 14 years ago by obs

Resolution: fixed
Status: assignedclosed

(In [7835]) fixed issue where users can see fields in reports that they don't have access to. Fixes #6949

comment:4 Changed 13 years ago by louise.howells@…

Keywords: reports added
Priority: normalhigh
Resolution: fixed
Severity: normalblocker
Status: closedreopened

Hi I seem to be having a similar problem. I have a custom field called name and the following in the ini file.

name.hide= false name.ondenial = hide name.permission = REPORT_CHAMP tweaks = name (plus a few others I need to tweak)

I have set the permission policies up in the ini file too.

When I create report that includes the name field it hides it when an anonymous user is viewing it (as expected). When I log in with a username that has been given the correct permission (REPORT_CHAMP) the field still does not show. When I click through to the ticket to see more information the name field is still missing.

It only seems to be half working for me. I have the newest version of the plugin and tried everything I can think of.

please help! It is a show show stopper for me because I can not truly hide all the sensitive fields.

comment:5 Changed 4 years ago by Ryan J Ollos

Resolution: wontfix
Status: reopenedclosed

This plugin is deprecated in Trac 1.4 and later. See migration tips on BlackMagicTicketTweaksPlugin page.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain obs.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.