Content
View differences
Updated by Robin Wagner about 5 years ago
### **Environment**:
OpenProject 11.2
### **Steps to reproduce:**
1. Create a work package custom field that is not activated for all projects.
2. Activate this custom field in only some projects
3. As a user who doesn't have access to the projects in which those custom fields are activated, navigate to the global work package list
4. Open the column menu and select the custom field.
### **Actual Behavior**
The custom field can be selected as a column - even though the user is not allowed to see it (CF name could contain sensitive information).
### **Expected Behavior**
User cannot select custom fields for projects he/she doesn't have access to.
OpenProject 11.2
### **Steps to reproduce:**
1. Create a work package custom field that is not activated for all projects.
2. Activate this custom field in only some projects
3. As a user who doesn't have access to the projects in which those custom fields are activated, navigate to the global work package list
4. Open the column menu and select the custom field.
### **Actual Behavior**
The custom field can be selected as a column - even though the user is not allowed to see it (CF name could contain sensitive information).
### **Expected Behavior**
User cannot select custom fields for projects he/she doesn't have access to.