
[#682] docman: forge search does not respect roles access

Date: 2014-05-28 09:57
Priority: 3
State: Closed
Submitted by: Franck Villaume (nerville)
Assigned to: Franck Villaume (nerville)
Target Release: 5.3.1
Found in Version: 5.3
Severity: minor
Resolution: Fixed
Summary: docman: forge search does not respect roles access

Detailed description
When we search for documents using the search box with the flags "documents", we get results including private information.

The results should be limited to exact roles.
Message
Date: 2014-05-30 18:45
Sender: Franck Villaume

fix in Branch_5_3: 7353d7c1a1262d2ee669277dbb6c53a021c9a0b6

Date: 2014-05-30 13:24
Sender: Franck Villaume

Here is the scenario:
- create a project
- enable docman
- create a folder
- add a document
- link anonymous role to the project
- set project visible to anonymous role
- forbid access to docman to anonymous role
- search the document using the search form

Currently, you get the document description.

Date: 2014-05-28 15:03
Sender: Roland Mas

searchTest.php has a test case for that; obviously it's not comprehensive enough. Could you add the relevant scenario there to demonstrate the bug (and prevent regressions)?
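
A simplified model of the scenario in this thread, as an added example that is not part of the tracker discussion or FusionForge's code: `Project`, `can_read` and both search functions are hypothetical names, and the data is constructed. It shows a search that filters on project visibility alone beside one that also requires docman read access for the role.

```python
from dataclasses import dataclass, field


# Constructed model; these names are hypothetical, not FusionForge APIs.
@dataclass
class Project:
    name: str
    # role name -> set of sections that role may read, e.g. {"project", "docman"}
    role_perms: dict = field(default_factory=dict)
    documents: list = field(default_factory=list)  # (title, description) pairs

    def can_read(self, role: str, section: str) -> bool:
        return section in self.role_perms.get(role, set())


def _match(words, title, description):
    terms = words.lower().split()
    text = f"{title} {description}".lower()
    return bool(terms) and all(t in text for t in terms)


def search_documents_unscoped(projects, role, words):
    """Behaviour described in the report: only project visibility is checked."""
    hits = []
    for p in projects:
        if not p.can_read(role, "project"):
            continue
        hits += [(p.name, t, d) for t, d in p.documents if _match(words, t, d)]
    return hits


def search_documents_scoped(projects, role, words):
    """Expected behaviour: the role must also hold read access to docman."""
    hits = []
    for p in projects:
        if not (p.can_read(role, "project") and p.can_read(role, "docman")):
            continue
        hits += [(p.name, t, d) for t, d in p.documents if _match(words, t, d)]
    return hits


def build_scenario():
    """Constructed data following the reproduction steps in the thread."""
    p = Project("demo")
    p.documents.append(("Budget 2014", "internal budget figures"))
    p.role_perms["member"] = {"project", "docman"}
    p.role_perms["anonymous"] = {"project"}  # project visible, docman forbidden
    return [p]
```

A regression test built on the same steps would assert that the anonymous role gets no document hits while a role with docman access still does.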

Field            Old Value   Date               By
status_id        Open        2014-05-30 18:45   nerville
close_date       None        2014-05-30 18:45   nerville
assigned_to      none        2014-05-30 18:45   nerville
Target Release   None        2014-05-30 18:45   nerville
Resolution       None        2014-05-30 18:45   nerville