On 18. Jun, 2013, at 14:02, Anze Staric wrote: > While working on integration od FineGrainedPermissions into bhsearch, > I have discovered that Dashboard does not always use permissions the > way it should. > > My test setup is the following: > user anonymous has *_VIEW on global, but no product specific > permissions. There are two products DEMO and MNP. > > With this setup, anonymous can access global Dashboard, where it sees > all the tickets and all the products. He cannot access product > specific dashboards (no PRODUCT_VIEW permission). Links to > products/tickets in the global dashboard also redirect to login. > > If I add PRODUCT_VIEW permission for both products, anonymous can > access the dashboards, but ticket and timeline widgets crash (no > TICKET_VIEW permissions). > > FineGrainedPermissions are also not taken into the account. > > Should we do something abou this now or should we leave it for 0.7?
If it's a quick fix (i.e. no major side-effects) I think it should be fixed for the 0.6 release. -- matevz > > > Anze
