Status: Gathering Impact (View Workflow)
Affects Version/s: 3.0.10, 3.10.1
Fix Version/s: None
Support reference count:10
Symptom Severity:Severity 3 - Minor
Bug Fix Policy:
If a User whether it is an agent or customer sending an email with an existing issue key on its subject (or have an intention to comment on an existing ticket), if they don't have the permission to view the ticket due to security level, this misleading "You do not have permission to view this attachment" will shown on the JSD Email Settings "Processing Log"
- Create a Dummy Service Desk project and set the Mail Channel
- Create a new Issue Security Scheme and set the Security Level as simple as:
- Name: Level 1
- Current Assignee
- Assign the scheme to the dummy project.
- As a customer create a ticket
- Back as an agent1, set the security level of that ticket to "Level 1"
- As an agent2 that have the permission to access the project, prepare an email with the issue key as the subject.
- Comment on the mail body and attach a file.
- Send the Email
- The email will be rejected as the agent2 does not have permission to access the ticket with a message "You do not have permission to view the ticket" on the "Processing Log"
- The email is rejected with a message "You do not have permission to view this attachment" on the Processing log
- Based on my test:
- If there is no attachment, the comment is added even though that user not able to view it.
- If there is an attachment, with the "You do not have permission to view this attachment" the attachment is still added while the comment is not.