Opened 8 years ago

# permission ondenial isn't working in special case

Reported by: Owned by: dimitri.slavutsky@… obs high BlackMagicTicketTweaksPlugin blocker ondenial, permissions, reports 0.11

### Description

Hi! I got a problem using this option. The case:

• I got a field "initial_effort"
[blackmagic]
tweaks = initial_effort
initial_effort.hide = false
initial_effort.ondenial = hide

• someone with permissions creates a custom report query and selects a initial_effort as a column
• Sames this report
• If someone without permission selects this report he can see this column with values.

In all other cases it seems to work properly.

### comment:1 Changed 8 years ago by obs

Status: new → assigned

Issue verified with trac 0.11.7, creating patch.

### comment:2 Changed 8 years ago by obs

Issue fixed.

I've left it so the column remains but if the ondenial is set to "hide" the value will be replaced with a "-" this is the simplest way of doing it and also allows individual values to be show when using permission such as TICKET_IS_OWNER

### comment:3 Changed 8 years ago by obs

Resolution: → fixed assigned → closed

(In [7835]) fixed issue where users can see fields in reports that they don't have access to. Fixes #6949

### comment:4 Changed 8 years ago by louise.howells@…

Keywords: reports added normal → high fixed normal → blocker closed → reopened

Hi I seem to be having a similar problem. I have a custom field called name and the following in the ini file.

name.hide= false name.ondenial = hide name.permission = REPORT_CHAMP tweaks = name (plus a few others I need to tweak)

I have set the permission policies up in the ini file too.

When I create report that includes the name field it hides it when an anonymous user is viewing it (as expected). When I log in with a username that has been given the correct permission (REPORT_CHAMP) the field still does not show. When I click through to the ticket to see more information the name field is still missing.

It only seems to be half working for me. I have the newest version of the plugin and tried everything I can think of.

please help! It is a show show stopper for me because I can not truly hide all the sensitive fields.

### Modify Ticket

Change Properties