Jira Data Center / JRASERVER-19601

Report showReport() does not actually block access to the report

      When creating your own report, one can block the link from being visible by returning false in the showReport() function (see com.atlassian.jira.plugin.report.impl.AbstractReport). What this does, however, is not what one would expect. The report can still be accessed by a user that cannot see the link. This is possible by giving the correct URL:
      http://[server]:[port]/jira/secure/ConfigureReport!default.jspa?selectedProjectId=[project_id]&reportKey=[report_plugin_id]

      This is super easy to fix: just check showReport() in all steps for creating and showing the report (such as generateReportHtml() and constructHtml()). This is how I have dealt with this in the reports I want to hide. However, this should be dealt with in AbstractReport instead.

              Assignee: Unassigned
              Reporter: Ivar Ekman
              Votes: 1
              Watchers: 3
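The workaround described in the issue, enforced once in a shared base class, as an added example that is not code from the reporter or from Jira. `ReportStandIn` is a simplified stand-in for `AbstractReport` so the sketch runs without the Jira API; `GuardedReport`, `RestrictedReport`, `renderHtml` and the `allowed` flag are hypothetical names.

```java
import java.util.Map;

// Stand-in for the two methods of AbstractReport that the issue names. The real
// generateReportHtml also takes a ProjectActionSupport argument, omitted here.
abstract class ReportStandIn {
    public boolean showReport() { return true; }
    public abstract String generateReportHtml(Map<String, String> params) throws Exception;
}

// Hypothetical shared base class: enforces showReport() once, for every report.
abstract class GuardedReport extends ReportStandIn {
    @Override
    public final String generateReportHtml(Map<String, String> params) throws Exception {
        // Hiding the link is not access control: a direct request to
        // ConfigureReport!default.jspa still reaches this method.
        if (!showReport()) {
            throw new SecurityException("report is not available to this user");
        }
        return renderHtml(params);
    }
    protected abstract String renderHtml(Map<String, String> params) throws Exception;
}

// Hypothetical report restricted to some users.
class RestrictedReport extends GuardedReport {
    private final boolean allowed; // assumption: outcome of the plugin's own permission check
    RestrictedReport(boolean allowed) { this.allowed = allowed; }
    @Override public boolean showReport() { return allowed; }
    @Override protected String renderHtml(Map<String, String> params) {
        String id = params.getOrDefault("selectedProjectId", "");
        // Project ids are numeric; reject anything else before it reaches the markup.
        if (!id.matches("\\d+")) throw new IllegalArgumentException("bad project id");
        return "<p>Report for project " + id + "</p>";
    }
}

public class ShowReportGuardDemo {
    public static void main(String[] args) throws Exception {
        Map<String, String> params = Map.of("selectedProjectId", "10000"); // constructed sample
        System.out.println(new RestrictedReport(true).generateReportHtml(params));
        try {
            new RestrictedReport(false).generateReportHtml(params);
            throw new AssertionError("guard did not fire");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Because `generateReportHtml` is `final` in the guarded base class, a concrete report cannot skip the check by overriding it; any other entry point the report exposes needs the same guard.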