Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 451902 - Global views can contain fields not viewable by external users
Summary: Global views can contain fields not viewable by external users
Keywords:
Status: NEW
Alias: None
Product: Issue-Tracker
Classification: Retired
Component: User Interface
Version: 4.6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Lisa Lu
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-18 01:35 UTC by Gary Case
Modified: 2008-06-18 01:35 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Gary Case 2008-06-18 01:35:27 UTC
Description of problem:
When altering the view of a group under Issues > Alter display for: (group
name), it's possible to select non-employee viewable items and then save the
view as the global default. This results in the standard default view for
non-employees, not the customized one created by the RH employee. The system
should parse the available columns and refuse to save a global default view
(this is global default, not global employee default) if any columns have been
selected that cannot be viewed by customers.

Version-Release number of selected component (if applicable):
4.6

How reproducible:
Always

Steps to Reproduce:
1. Log in to IT as a RH employee
2. Go to Issues > Alter display for: (group name)
3. Add columns like "Pri" or "PS" and save as global default view
4. Non-RH users will see the standard default instead of the newly customized
view, as it contains columns they have no access to.
  
Actual results:
The system allows saving of non-customer viewable columns as the global default.
Customers don't get the custom view created by the RH employee because of this.

Expected results:
The system should reject attempts to save global default views that contain
non-customer viewable fields. Perhaps we should color code the items or "*" them
to let people know they're internal only fields?

Additional info:


Note You need to log in before you can comment on or make changes to this bug.