Forum

Hi,

I think iv'e found a little bug in mantis view bug page:
I've got a few users that have developer role in a project, but in the rest of projects are reporters. The configuration is set that Reporters can only access their own issues.
The problem is that when i access the "view issues" page with one of these users, if there is a project selected, the list of issues is correct. If user is a developer in project, the list shows all views, and if user is a reporter, only shows user's own issues; but if the option "all projects" is selected, the list shows all issues of all projects in which user is developer or user, even when user is a reporter in a project he can see al issues in project.
If he tries to access a issue of a project that is not of his property, the message "access denied" appears. This is correct, but i want to hide these issues in the "view issues" page.
I've hope you to undestand me and help me to resolve this "bug".

Any help will be apprecited.

I didn't find the right solution from the Internet.

References:
https://www.mantisbt.org/forums/viewtopic.php?t=18855
Cryptocurrency Explainer Video

Thank you.

 

You need to be a member of OWASP to add comments!

Join OWASP

Email me when people reply –