Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Granted field access gets redacted by a later (alphabetically) permission #2893

Closed
rolfschmidt opened this issue Jan 15, 2020 · 0 comments
Closed

Comments

@rolfschmidt
Copy link
Collaborator

@rolfschmidt rolfschmidt commented Jan 15, 2020

Infos:

  • Used Zammad version: 3.2.x
  • Installation method (source, package, ..): source
  • Operating system: all
  • Database + version: all
  • Elasticsearch version: all
  • Browser + version: all
  • Ticket#: 1041326

Expected behavior:

Permissions of object manager attribute for screen should merge correctly for multiple permissions.

Actual behavior:

Permissions are always set based on the last permission looped for the screen of the object manager attribute.

Steps to reproduce the behavior:

Create a object attribute for 2 permissions:

  • ticket.agent
  • admin.organization

Enable shown state for admin.organization but not ticket.agent

Login with a user which contains a role and the configured permissions.

Now the Organizations tab in the admin interface will not show the object attribute because of the permissions which are not merged correctly.

bug.zip

@rolfschmidt rolfschmidt added the bug label Jan 15, 2020
@rolfschmidt rolfschmidt self-assigned this Jan 15, 2020
@thorsteneckel thorsteneckel changed the title Invalid permission handling for multiple permissions on a single screen Granted field access gets redacted by a later (alphabetically) permission Jan 15, 2020
@thorsteneckel thorsteneckel added this to the 3.3.0 milestone Jan 15, 2020
@thorsteneckel thorsteneckel added this to QA in Workflow Jan 15, 2020
zammad-sync pushed a commit that referenced this issue Jan 18, 2020
…phabetically) permission.
@thorsteneckel thorsteneckel moved this from QA to Done in Workflow Jan 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Workflow
  
Done
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.