Content
View differences
Updated by Aleix Suau over 5 years ago
### **Environment**:
community.openproject.com
OpenProject 11.0.4
### **Steps to reproduce:**
1. Create a board (e.g. Status board) which has a project filter (e.g. "Subproject of") and filters either for certain projects users has not access to or filters our projects user has no access to.
2. User navigates to the board.
Example: Go to https://community.openproject.com/projects/openproject/boards/2905 and add filter for projects other users don't have access to. Then access that board as a user without access to those (sub-)projects.
### **Actual Behavior**
Board cannot be loaded / error displayed for all columns.
<figure class="op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/19965/content"></div></figure> class="image"><img src="/api/v3/attachments/19965/content"></figure>
<figure class="op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/19966/content"></div></figure> class="image"><img src="/api/v3/attachments/19966/content"></figure>
### **Expected Behavior**
The board is loaded.
Similar to work packages, users should - based on their permission - see only those work packages they have access to.
NOtes:
Remove subproject filtered from status board but bot on a board that is grouped by attribute
* Issue another request with the filters that are applied on the filters section (issue a query eg for type and project ignoring the grouping (specifying pagesize 0, performance)) + provide 'valid\_subset=true' parameter in the query
* Check the result and compare the query that we sent with the query returned
* If there is any positive filter (is) removed, the the entire board would become invalid >> Show global error message
* If there is no such a removed filter, we issue the normal filterset (columns + filters) and provide valid subset === true parameter
community.openproject.com
OpenProject 11.0.4
### **Steps to reproduce:**
1. Create a board (e.g. Status board) which has a project filter (e.g. "Subproject of") and filters either for certain projects users has not access to or filters our projects user has no access to.
2. User navigates to the board.
Example: Go to https://community.openproject.com/projects/openproject/boards/2905 and add filter for projects other users don't have access to. Then access that board as a user without access to those (sub-)projects.
### **Actual Behavior**
Board cannot be loaded / error displayed for all columns.
<figure class="op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/19965/content"></div></figure>
<figure class="op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/19966/content"></div></figure>
### **Expected Behavior**
The board is loaded.
Similar to work packages, users should - based on their permission - see only those work packages they have access to.
NOtes:
Remove subproject filtered from status board but bot on a board that is grouped by attribute
* Issue another request with the filters that are applied on the filters section (issue a query eg for type and project ignoring the grouping (specifying pagesize 0, performance)) + provide 'valid\_subset=true' parameter in the query
* Check the result and compare the query that we sent with the query returned
* If there is any positive filter (is) removed, the the entire board would become invalid >> Show global error message
* If there is no such a removed filter, we issue the normal filterset (columns + filters) and provide valid subset === true parameter