Details
-
Bug
-
Resolution: Answered
-
Low
-
3.10.3, 4.0.0
-
Severity 3 - Minor
-
Description
Changing user to "not crucible" affects only Creating new reviews/issues.
The user is still able to view any existing review/snippet and perform any other action on this review/snippet according to permission scheme for the given project (close, delete, . I don't think it is what the admin would expect.
We should probably prevent any 'non-crucible' user from seeing any crucible content. This change could confuse some users however who can currently view reviews, and on upgrade will no longer be able to do so.
Also, this may be intentional: a crucible user may be defined purely as someone who can create reviews. Not someone who can necessarily view review data.