[ 
https://issues.apache.org/jira/browse/OFBIZ-7741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786706#comment-16786706
 ] 

Michael Brohl commented on OFBIZ-7741:
--------------------------------------

Did you check this with other users except the admin users (admin, fulladmin)?

The admin user has full permissions in all applications so it is expected that 
he can see the projects.

> Address scope peculiarities within search/find functionality of projectmgr
> --------------------------------------------------------------------------
>
>                 Key: OFBIZ-7741
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7741
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: projectmgr
>    Affects Versions: Trunk, 17.12.01, 16.11.04, 16.11.05
>            Reporter: Pierre Smits
>            Priority: Minor
>         Attachments: projectmgr-projectsearch-admin.png, 
> projectmgr-summary-admin.png
>
>
> Currently the search/find functions in the projectmgr component also 
> retrieves projects a user is not a participant in. This is especially 
> critical regarding projects with scope 'WES_PRIVATE - private' or 
> 'WES_CONFIDENTIAL - confidential'.
> These project may only be search for/found by users that are exlicit 
> participants of the projects. This over ruless the generic permissions of 
> 'PROJECTMGR_ADMIN' or 'PROJECTMGR_VIEW'.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to