[#682] docman: forge search does not respect roles access



Detailed description

When we search for documents using the search box with the flags "documents", we get results including private informations.

The results should be limited to exact roles.

General Information
Submitted by:
Franck Villaume
Date Submitted: 2014-05-28 09:57
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Date Closed: 2014-05-30 18:45
Permalink: https://fusionforge.org/tracker/a_follow.php/682
Internal Fields
Data Type: Bugs
Assigned to: Franck Villaume (nerville)
State: Closed
Priority: 3
Extra Fields
Target Release:
Follow-up tabs
Message  ↓
Date: 2014-05-30 18:45
Sender: Franck Villaume

fix in Branch53: 7353d7c1a1262d2ee669277dbb6c53a021c9a0b6

Date: 2014-05-30 13:24
Sender: Franck Villaume

here is the scenario : - create a project - enable docman - create a folder - add a document - link anonymous role to the project - set project visible to anonymous role - forbid access to docman to anonymous role - search the document using the search form

Currently, you get the document description.

Date: 2014-05-28 15:03
Sender: Roland Mas

searchTest.php has a test case for that; obviously it's not comprehensive enough. Could you add the relevant scenario there to demonstrate the bug (and prevent regressions)?

No attached documents

No related commits.

Field Old Value Date By
status_idOpen2014-05-30 18:45
Franck Villaume
close_dateNone2014-05-30 18:45
Franck Villaume
assigned_tonone2014-05-30 18:45
Franck Villaume
Target ReleaseNone2014-05-30 18:45
Franck Villaume
ResolutionNone2014-05-30 18:45
Franck Villaume

No relations found.