Content
View differences
Updated by Aleix Suau over 5 years ago
### **Environment**:
community.openproject.com
OpenProject 11.0.4
### **Steps to reproduce:**
1. Create a board (e.g. Status board) which has a project filter (e.g. "Subproject of") and filters either for certain projects users has not access to or filters our projects user has no access to.
2. User navigates to the board.
Example: Go to https://community.openproject.com/projects/openproject/boards/2905 and add filter for projects other users don't have access to. Then access that board as a user without access to those (sub-)projects.
### **Actual Behavior**
Board cannot be loaded / error displayed for all columns.
<figure class="image op-uc-figure"><div class="op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/19965/content"></div></figure>
<figure class="image op-uc-figure"><div class="op-uc-figure"><div class="op-uc-figure--content"><img class="op-uc-image" src="/api/v3/attachments/19966/content"></div></figure>
### **Expected Behavior**
The board is loaded.
Similar to work packages, users should - based on their permission - see only those work packages they have access to.
### Notes:
Possible solution:
* The board/grid contains Issue another request with the filters, then they filters that are used to get applied on the form (this .apiV3Service.queries.form.loadWithParams) that returns the filters section (issue a query with eg for type and project ignoring the filters that grouping (specifying pagesize 0, performance)) + provide 'valid\_subset=true' parameter in the user is not allowed to see out. query
* We can Check the result and compare then the board filters query that we sent with the query filters returned
* If there is any positive filter (is) removed, the the entire board would become invalid >> Show global error message
* If there is no such a removed filter, we issue the normal filterset (columns + filters) and provide valid subset === true parameter
Problems: filters are in different format + it doesn't feel right.
Branch: fix/35563-hide-boards-user-is-not-allowed
community.openproject.com
OpenProject 11.0.4
### **Steps to reproduce:**
1. Create a board (e.g. Status board) which has a project filter (e.g. "Subproject of") and filters either for certain projects users has not access to or filters our projects user has no access to.
2. User navigates to the board.
Example: Go to https://community.openproject.com/projects/openproject/boards/2905 and add filter for projects other users don't have access to. Then access that board as a user without access to those (sub-)projects.
### **Actual Behavior**
Board cannot be loaded / error displayed for all columns.
<figure class="image op-uc-figure"><div
<figure class="image op-uc-figure"><div
### **Expected Behavior**
The board is loaded.
Similar to work packages, users should - based on their permission - see only those work packages they have access to.
### Notes:
Possible solution:
* The board/grid contains
* We can
* If there is any positive filter (is) removed, the the entire board would become invalid >> Show global error message
* If there is no such a removed filter, we issue the normal filterset (columns + filters) and provide valid subset === true parameter
Problems: filters are in different format + it doesn't feel right.
Branch: fix/35563-hide-boards-user-is-not-allowed