Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-7919

Epics/Capabilities Recycle/Cancel bin: any user with access to the bin can see all the items on it

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 11.10.0
    • 11.6.0
    • Epics - Grid
    • Severity 3 - Minor
    • No

      Issue Summary

      When accessing the Epics/Capabilities Recycle/Cancel bin, the user can select "All Programs" to display the items that were deleted/canceled, even those that the user is not a member. This allows the user to restore/delete items that should not be visible to them at all.

      Steps to Reproduce

      1. With a User that is part of only one Program, and has access to the bins, go to the recycle bin
      2. Now select "Select ALL" for Program and PI
      3. See how the list will include all deleted items, even the ones the user is not part of the Portfolio/Program
      4. And how he can restore/delete any of them

      Expected Results

      Recycle/Cancel bin would follow the same logic that the grids use for access to items.

      Actual Results

      Recycle/Cancel bin doesn't apply the logic of being a member of a Portfolio/Program to see items.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

              5ed8ef87d2cd Karen Bradshaw (Inactive)
              7b5a6a24aeb0 Allan Silva
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: