-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
5.1, 8.20.6
-
5.01
-
6
-
Severity 3 - Minor
-
1
-
Custom field type 'Multi User Picker' will affect the Browser Project Permission, which users does not have the browser project permission(does not belong to any groups/project role related) will be able to view the project when add the custom filed into the 'browser project'.
To reproduce the problem by using the following steps:
- Create a custom field by using the 'Multi User Picker' for all issue types and for project 'testing':
- Add the custom field to the 'Browse Projects' permission in project 'testing'.
- Create TWO users who does not belong to the browse projects permission users, in this testing case, they must not belong to 'Project Role (Administrators)', let's say 'amanda' and 'user'
- Create a issue 'mytest' and add user 'user' in the custom field.
- Log in as 'amanda'. you will be able to view the project 'testing', but not able to view any issues in this project.
- Log in as 'user', you will be able to view the project 'testing' and the issue 'mytest'
- Delete the custom field from browse projects, both 'amanda' and 'user' will not be able to view the project 'testing' as expected.
- is caused by
-
JRASERVER-37057 As an administrator, I would like to be able to grant permissions to browse projects and to browse issues independently
- Gathering Interest
- is related to
-
JRASERVER-37117 Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users
- Long Term Backlog
- mentioned in
-
Page Loading...