Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
5.1.4, 5.2.5
-
5.01
-
3
-
Severity 2 - Major
-
0
-
Description
Customers do not get all issues in a search they are allowed to access:
Steps to reproduce:
- Two users in this testing case:
- 'admin' as administrator who belong to all project roles
- 'amanda' as a user who belong to jira-users, and create a group named '1' add 'amanda' to this group 1
- Sign in as Administrator
- Create a select list custom filed named "cust", and set two values "1" and "2".
- Associate "cust" with create issue screen.
- Create a project 'test' and set the Issue Security and Browser Project Permission as following:
Current Assignee Group Custom Field Value (cust) Reporter
- Create two issues:
- TEST-1, Both Reporter and Assignee are admin, and choose 'cust' with value '1'
- TEST-2, One of Reporter or Assignee is 'amanda' and choose 'cust' with value '1'
- Search in Advanced search with query:
cust = "1"
- Search by using user 'admin', you will see both issue.
- Search by using user 'amanda', you will only see the issue which the 'Reporter' or 'Assignee' as amanda, but if you key in another issue's issue key TEST-1 in Quick Search, you will be able to view TEST-1.
Note: If the user 'amanda' does not belong to group '1' which the group name is same with the custom filed 'cust' value's name '1', amanda will not able to view TEST-1 as she is not belong to reporter/assignee of this issue.
If user are able to view the issue which not assigned or reported by himself, but with the security level which contain the group custom field value, the user should also be able to search for all the issues which contain the custom filed value.
Attachments
Issue Links
- duplicates
-
JSP-142918 Loading...