brustj / tracmor

Automatically exported from code.google.com/p/tracmor
GNU General Public License v2.0
0 stars 0 forks source link

User role permissions not enforced when cloning assets #96

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Edit a users role, removing permission to view one or more custom fields
2. Sign in as the aforementioned user and open an asset.
3. Note that while you are unable to view the custom fields that you removed 
view access to, if you use the Clone feature, these values are displayed on the 
new asset page.

What is the expected output? What do you see instead?
Users should never be able to see the values for fields that they do not have 
view permission for.

Please use labels and text to provide additional information.

Original issue reported on code.google.com by jsincl...@tracmor.com on 10 Nov 2011 at 6:52

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r885.

Original comment by kovserg@gmail.com on 18 Nov 2011 at 3:59