[
https://issues.apache.org/jira/browse/OFBIZ-7741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16457484#comment-16457484 ]
Pierre Smits commented on OFBIZ-7741:
-------------------------------------
See attached screenshot 'projectmgr-projectsearch-admin.png' showing that a project with scopeEnumId = "WES_CONFIDENTIAL" is visibility to a party not assigned to the project (see screenshot 'projectmgr-summary-admin.png').
Having confidential project visible to parties outside of the scope (parties assigned) defies the definition of confidential.
> Address scope peculiarities within search/find functionality of projectmgr
> --------------------------------------------------------------------------
>
> Key: OFBIZ-7741
> URL:
https://issues.apache.org/jira/browse/OFBIZ-7741> Project: OFBiz
> Issue Type: Improvement
> Components: projectmgr
> Reporter: Pierre Smits
> Priority: Critical
> Attachments: projectmgr-projectsearch-admin.png, projectmgr-summary-admin.png
>
>
> Currently the search/find functions in the projectmgr component also retrieves projects a user is not a participant in. This is especially critical regarding projects with scope 'WES_PRIVATE - private' or 'WES_CONFIDENTIAL - confidential'.
> These project may only be search for/found by users that are exlicit participants of the projects. This over ruless the generic permissions of 'PROJECTMGR_ADMIN' or 'PROJECTMGR_VIEW'.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
