Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 451902

Summary: Global views can contain fields not viewable by external users
Product: [Retired] Issue-Tracker Reporter: Gary Case <gcase>
Component: User InterfaceAssignee: Lisa Lu <llu>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.6   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Gary Case 2008-06-18 01:35:27 UTC
Description of problem:
When altering the view of a group under Issues > Alter display for: (group
name), it's possible to select non-employee viewable items and then save the
view as the global default. This results in the standard default view for
non-employees, not the customized one created by the RH employee. The system
should parse the available columns and refuse to save a global default view
(this is global default, not global employee default) if any columns have been
selected that cannot be viewed by customers.

Version-Release number of selected component (if applicable):
4.6

How reproducible:
Always

Steps to Reproduce:
1. Log in to IT as a RH employee
2. Go to Issues > Alter display for: (group name)
3. Add columns like "Pri" or "PS" and save as global default view
4. Non-RH users will see the standard default instead of the newly customized
view, as it contains columns they have no access to.
  
Actual results:
The system allows saving of non-customer viewable columns as the global default.
Customers don't get the custom view created by the RH employee because of this.

Expected results:
The system should reject attempts to save global default views that contain
non-customer viewable fields. Perhaps we should color code the items or "*" them
to let people know they're internal only fields?

Additional info: