Uploaded image for project: 'Crucible'
  1. Crucible
  2. CRUC-5570

Crucible comment and general search potentially excludes valid results

    XMLWordPrintable

Details

    Description

      Both crucible comment search (ie CONTEXT/cru/commentSearch) and general search (ie CONTEXT/cru/search) have permission checking incorporated into the hibernate query, but the way they do it can exclude valid results. They generate a list of projects that the user can see and restrict the search results to those projects, but that ignores permissions schemes which also allow viewing by role — for example, if a person can't normally view a project but if they're added as a reviewer to a review in that project they can see that review.

      Attachments

        Activity

          People

            Unassigned Unassigned
            abuttfield Anna Buttfield [Atlassian]
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 0.3h
                0.3h