maxrossello / redmine_extended_watchers

Grant additional issue and project view permissions to watcher users
GNU General Public License v3.0
44 stars 20 forks

Security Problem for attachments when using project-scope attachment plugins #19

Closed bashforever closed 3 years ago

bashforever commented 7 years ago

Hi!

First: this plugin works also great on Redmine 3.3.0! We use it to allow specific redmine-users access to selected topics in two ways:

My problem is that when using other plugins allowing access to attachments on project or global level (like xapian-fulltext search or the redmine_all_files plugin, which shows a list of all attachments of a project (or globally)), the display and access of the attachments is not restricted to the ticket visibility for the "extended" watchers, but shows all attachments of the whole project in which the watcher (now) has access to some tickets.

So those "project scope" attachment plugins do not limit access to objects based on the restricted access to tickets as implemented with extended_watchers. For me it is not clear whether this is really a problem of the "other" plugins or a problem that "extended_watchers_plugin" only handles access to ticket correctly and does assume that this also covers access to plugins (instead of bringing this restriction also to the visibility of attachments).

I hope this description was somewhat clear.

Thanks a lot

Immanuel.

maxrossello commented 7 years ago

At first sight I may think that the third party plugins decide to display the attachments in a project according to the visibility of the whole project rather than enumerating the accessibility of each issue. Of course when an extended watcher is added, then the project becomes visible although only the accessible issues are listed. If the other plugin just checks for project visibility, then it's going to display everything.

Regards,

Massimo
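To make the difference between the two checks concrete, here is a small constructed model of the situation described in this thread. It is an added example written for this discussion, not code from Redmine, redmine_extended_watchers, or any of the third-party plugins mentioned; the class names mirror Redmine's (Project, Issue, Attachment, User) but their bodies are simplified assumptions. The first listing function checks only project visibility, the way the reported plugins appear to, and the second checks the visibility of each attachment's container, which is what an extended-watcher deployment needs.

```ruby
# Constructed toy model (not Redmine's or the plugin's code) of the two
# attachment-visibility checks discussed in the thread.

User = Struct.new(:name)

class Project
  attr_reader :name, :issues, :members

  def initialize(name, members: [])
    @name = name
    @members = members
    @issues = []
  end

  def member?(user)
    members.include?(user)
  end

  # Extended-watcher rule (assumed): watching a single issue makes the
  # project itself visible to the watcher, even though only the watched
  # issues are accessible.
  def visible?(user)
    member?(user) || issues.any? { |issue| issue.watchers.include?(user) }
  end

  def attachments
    issues.flat_map(&:attachments)
  end
end

class Issue
  attr_reader :id, :project, :attachments, :watchers

  def initialize(id, project, watchers: [])
    @id = id
    @project = project
    @watchers = watchers
    @attachments = []
    project.issues << self
  end

  # An issue is visible to project members or to an explicit watcher.
  def visible?(user)
    project.member?(user) || watchers.include?(user)
  end

  def add_attachment(filename)
    Attachment.new(filename, self).tap { |a| attachments << a }
  end
end

class Attachment
  attr_reader :filename, :container

  def initialize(filename, container)
    @filename = filename
    @container = container
  end

  # Per-container check: an attachment is visible only if the object it
  # belongs to (here, the issue) is visible to the user.
  def visible?(user)
    container.visible?(user)
  end
end

# Flawed project-scope listing: once the project passes the visibility
# check, every attachment in it is returned.
def project_scope_listing(project, user)
  return [] unless project.visible?(user)
  project.attachments
end

# Container-scope listing: the project check is kept, but each attachment
# is additionally filtered by its own container's visibility.
def container_scope_listing(project, user)
  return [] unless project.visible?(user)
  project.attachments.select { |a| a.visible?(user) }
end

# Demo scenario: a member and an extended watcher of one issue in a
# project with two issues, each carrying one attachment.
def demo
  member  = User.new("member")
  watcher = User.new("watcher")
  project = Project.new("internal", members: [member])
  watched   = Issue.new(1, project, watchers: [watcher])
  unwatched = Issue.new(2, project)
  watched.add_attachment("spec.pdf")
  unwatched.add_attachment("salaries.xlsx")
  {
    member_container_scope:  container_scope_listing(project, member).map(&:filename),
    watcher_project_scope:   project_scope_listing(project, watcher).map(&:filename),
    watcher_container_scope: container_scope_listing(project, watcher).map(&:filename),
  }
end

puts demo.inspect
```

Running the file shows the watcher getting both files from the project-scope listing but only the watched issue's file from the container-scope listing, while the project member sees both either way. The point for a plugin author is that once something like extended watchers decouples project visibility from issue visibility, any code path that enumerates attachments has to check the container, not just the project.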

bashforever commented 7 years ago

Thanks for the immediate reply! This sounds reasonable (and I will investigate this). In fact I asked my users to either use "extended_watchers" xOR use the global plugins.

Regards,

Immanuel.