Bug

Viewing Rights for Tasks and Efforts

Summary

open
Nov 28, 2008
Nov 28, 2008 / jeremy
Dec 9, 2008 / jeremy
pixtur
 

Attached files

No files uploaded
 
This task does not have any text yet.
Doubleclick here to add some.

Issue report

Major
Always
Apache/1.3.36 Server, PHP5
08093RC1
2008-11-15
Log in as a client, or a member. You can view the other person's tasks (from all different projects) without them being assigned to the certain project.

For example. We have 3 Users.

User A - Admin
User B - Base Developer
User C - Client

USer A is assigned to Project: 1, 2, 3, 4, 5. All with Tasks
User B is assigned to Project: 1, 2, 3. All with Tasks
User C is assigned to Project: 1. With Tasks

If User C logs in, clicks on a User A or B if they are published to client, and then click on their Tasks / Efforts, they can view all the tasks and efforts from Projects 1,2,3,4,5. But not the "Changes" or the "Projects" list.

That's for clients, but if User B, a team member logs in and lets say User A is published only to 'open' and not to clients. User B can see User A, but User C cant see User A. So that eliminates the Client seeing stuff. But since User B is part of the company of User A, User B can then click on User A, and then click on Tasks or Efforts to see all the Tasks and Efforts that User A has in all projects including, 4 and 5.


The expected results should be that User C can only view Tasks/Efforts of Project 1.

The expected results should be that USer B can only view Tasks/Efforts of Project 1,2, and 3.

Currently, it allows you to view everything, but unable to click in to view details.. just the subject line.
Make it like the Projects and Change tab where its only limited to that certain projet.
 

4 Comments

pixtur:Sorry...

6 years ago

I know that this problem is urgent and will take a look at it soon.


pixtur:ok...

6 years ago (2. update 6 years ago)

I think I fixed the problem for assignedTasks. But I somehow fail to reproduce this problem for efforts.

It would be cool to get an update of this.

madlyr:Is it in SVN? Which revision?

6 years ago

Hi Thomas,
in few days we plan to update our firm streber installation to v0.08093 RC1. Update from this bug is critical - should we get something from SVN (which revision) or wait for RC2 (when?)?

Radek

jeremy:

6 years ago

Well if it is fixed for the efforts on your end, that is great. Maybe its just a glitch on mine.

I also had another post in terms of client permission for efforst, not sure if you got it.

It is here: http://www.streber-pm.org/7236

Basically, clients can delete efforts that the team has made. A lot of times, we allow the client to see how much time is used by our team, so it would be good if they didnt have the permission to delete.

As for viewing efforts, did you try posting efforts for different tasks in different projects? And they didnt show up when you went to view that person's profile?