Posted by sderrick on June 7, 2009 at 4:06am
Jump to:
| Project: | Project issue tracking |
| Version: | 6.x-1.x-dev |
| Component: | Views integration |
| Category: | task |
| Priority: | normal |
| Assigned: | dww |
| Status: | closed (fixed) |
Issue Summary
Just installed Project and Project Issue Tracker
I have set the permissions for both modules to be limited to the admin and editor roles.
However when I log in as an authenticated user, the menu items "Issues" & "My Projects" are displayed in the main navigation menu? If you click on the menu items you get the appropriate dialog with an empty list and a message "No issues match your criteria."
This seems like a bug but maybe there is some configuration setting I'm not aware of?
Comments
#1
The problem is that the default views that ship with the module do no access checking of their own. At the very least, they should probably honor the "access content" permission. Sadly, issue permissions are a bit of a tangled mess:
#317404: Add Project Permissions Functionality
#234463: Remove 'access * project *' permissions
http://drupal.org/project/project_access
http://drupal.org/project/project_permissions
...
I'm not sure what the default views should do given all of this mess. We're moving away from the "access * issues" permissions, and those will probably be removed entirely before the 6.x-1.0 release. But, I'm not sure what the default views should do in that case...
#2
For now, I just added a permission check for 'access content' on all the default views, since we should at least do that much. We can reopen this if/when we need to when the dust settles on the other stuff I mentioned in #1.
#3
Automatically closed -- issue fixed for 2 weeks with no activity.