Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
7.3.3, 7.5.0, 8.1.0, 7.13.2, 7.6.12, 9.4.11
-
7.03
-
42
-
Severity 2 - Major
-
9
-
Description
Summary
When accessing JIRA without logging in, Dashboard drop down button does not have Manage Dashboard link. But user is able to access <Base URL>/secure/ConfigurePortalPages.jspa?view=popular directly.
Steps to Reproduce
- Access Manage Dashboard directly by using this URL; <Base URL>/secure/ConfigurePortalPages.jspa?view=popular.
- User will be able to see Dashboards that are Public.
Expected Results
The user should be able to access the page from the UI (not by entering URL) to access all the Public dashboard.
Actual Results
The user needs to manually navigate to the URL to access this page.
Notes
This applies to <Base URL>/secure/ManageFilters.jspa?filterView=popular as well
Workaround
- Shutdown JIRA
- Edit the actions.xml located in the JIRA-INSTALL/atlassian-jira/WEB-INF/classes directory
- Modify the file from:
<action name="filter.ManageFilters" alias="ManageFilters"> <view name="success">/secure/views/filter/managefilters.jsp</view> <view name="contentonly">/secure/views/filter/managefilters-content.jsp</view> <view name="securitybreach">/secure/views/securitybreach.jsp</view> <view name="error">/secure/views/filter/managefilters.jsp</view> </action>to:
<action name="filter.ManageFilters" alias="ManageFilters" roles-required="use"> <view name="success">/secure/views/filter/managefilters.jsp</view> <view name="contentonly">/secure/views/filter/managefilters-content.jsp</view> <view name="securitybreach">/secure/views/securitybreach.jsp</view> <view name="error">/secure/views/filter/managefilters.jsp</view> </action>
Added the roles-required="use"
- Restart JIRA
- Repeat the steps for alias="ConfigurePortalPages">
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
JRASERVER-43960 Shared filters page display username of filter owners for public
- Closed
-
- Under Consideration