Details
-
Bug
-
Resolution: Timed out
-
Medium
-
None
-
3.12.3
-
3.12
-
Severity 1 - Critical
-
-
Description
- If there is a project custom field configured,
- and the value for a particular issue is set to a project which the current user does not have permission to browse,
then when the user goes to edit the issue, the custom field will not contain the option of the currently set value, since the user does not have permission. Because of this, even if the user does not modify the value of the field, when they save the issue, the current value will be replaced with whatever is selected.
A possible solution to this would be to have an extra list option which has the text "Keep current value" (or something similar) and the value of the currently selected project. If we implement this solution, we need to ensure that the searcher options do not also have this extra option.
Attachments
Issue Links
- relates to
-
JRASERVER-14794 Information leak: Project Custom Field Type links to browse project regardless of user permission
- Closed