Apply Rights check on addDefaultWhere to allow list all ProjectTasks in RestAPI #17168
Conversation
|
This is the currently expected behavior as the only way to search project tasks in the web UI is through the "My tasks" button on the project page(s). To handle that case, the restrictions were added directly to the Search engine which has the side effect of affecting the API. |
There was a problem hiding this comment.
Removing this will result, for people that have the right to see all tasks, in viewing all tasks of all projects in the My tasks views instead of viewing only their tasks.
Due to the way the projects and the project tasks team management is done in GLPI, I am not sure it is possible to add a search option that would permit to replace this default WHERE condition by a default Team members contains myself criteria. If it is possible, then maybe it would be a way to solve this problem.
Anyway, changing this should not be done on GLPI 10.0, as it would probably have unexpected side effects and as it may be considered as a too important change for a bugfix version by some end users.
Using RestAPI to list all subitems from Project, it the subitem is ProjectTask only return values where I am Task Team member, but if I have all Rights on projects I want see all Tasks.