Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-14867

Project CF value can be lost if user doesnt have permission to browse the selected project and they attempt to edit the issue

    XMLWordPrintable

Details

    • 3.12
    • Severity 1 - Critical
    • Hide
      Atlassian Update – 04 December 2017

      Hi everyone,

      We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out.

      Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details.

      We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication.

      Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

      Thank you,
      Ignat Alexeyenko
      Jira Bugmaster

      Show
      Atlassian Update – 04 December 2017 Hi everyone, We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collect votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out . Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details. We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication. Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments. Thank you, Ignat Alexeyenko Jira Bugmaster

    Description

      • If there is a project custom field configured,
      • and the value for a particular issue is set to a project which the current user does not have permission to browse,

      then when the user goes to edit the issue, the custom field will not contain the option of the currently set value, since the user does not have permission. Because of this, even if the user does not modify the value of the field, when they save the issue, the current value will be replaced with whatever is selected.

      A possible solution to this would be to have an extra list option which has the text "Keep current value" (or something similar) and the value of the currently selected project. If we implement this solution, we need to ensure that the searcher options do not also have this extra option.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-14794 Information leak: Project Custom Field Type links to browse project regardless of user permission

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              mtokar Michael Tokar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: