-
Bug
-
Resolution: Fixed
-
High
-
7.13.0, 8.0.0, 8.5.5, 8.8.1, 8.11.0, 8.11.1, 8.12.1, 8.13.1, 8.5.10, 8.15.0, 8.21.0
-
7.13
-
89
-
Severity 3 - Minor
-
675
-
Issue Summary
JRASERVER-17783 introduced a feature that enable users to edit others' dashboard. But specifying user and group as editors at the same time removes individual users' right to edit dashboard, if the user is not in the group.
Environment
Versions after JRASERVER-17783.
i.e. 7.12.x - and later.
Steps to Reproduce
- Login as any admin user
Create user1 that doesn't belong to jira-administrators group - Create custom dashboard and add user1 user and jira-administrators group as editor
- Login as user1
- Visit the custom dashboard created in step 2
Additional scenario: # Create two groups (Group A, Group B) # Create 3 users, User 1, User 2, User 3 # Add 3 users to group jira-users (the one that allow access to jira) and Group A # Add User 1 and User 2 to Group B # With User 1 create dashboard, share it for view with jira-users # Share created dashboard for edit for Group A and Group B Expected result: User 2 and User 3 can edit shared dasbhoard Actual result: User 2 that is the member of 2 groups can edit dashboard, User 3 that is member of Group A only - can only view
Additional Scenario 2: Create 3 groups (Group1, Group2, Group3) Create a User1, Add user to Group1, Group2 Add Group1, Group2 and Group3 as Viewers In Editor add just a user: User1 User1 is member in Group1 and Group2 but not in Group3 User1 can't edit the dashboard, until added to Group3
Expected Results
user1 can edit the dashboard
Actual Results
user1 cannot.
Notes
If you removed jira-administrators group from the list of editor, user1 is able to edit the dashboard.
Workaround
Keep users always included in the group.
- is duplicated by
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
- is blocked by
-
PSSRV-37455 Loading...
- is related to
-
- mentioned in
-
-
-
-
-
-
-