dotProject Forums

Go Back   dotProject Forums > DOTPROJECT VERSION 1.0.2 > 1.0.2 (Old Version) Core Modules - General Questions
Register FAQTop Posters Members List Calendar Search Today's Posts Resend Activation Email Mark Forums Read
Bugs & Feature Requests Download dotProject

1.0.2 (Old Version) Core Modules - General Questions Use this forum to ask questions or seek answers about any of the core dotProject modules. These core modules include: Calendar, Tasks and Projects, Files, Contacts, Ticketsmith, Forums, User Administration, System Administration etc.

Reply
 
Thread Tools Display Modes
  #1  
Old 21-06-04, 12:55 AM
mrhobbs mrhobbs is offline
Junior Member
Return Visitor
dotProject Version:
php Version:
MySQL Version:
Operating System Version:
Browser:
 
Join Date: 24-05-04
Posts: 5
Default

Hello
I have created a user with read only access on one project only. When I log in as that user, I am able to see that one project, so that works fine.

However, when that user looks at the reports for that project, they are able to checkmark all projects and then able to access other projects for which they should be denied.

How can I prevent this from occuring? Are my permissions incorrect or is this a bug? Is there a work around available?

Reply With Quote
  #2  
Old 25-06-04, 11:57 AM
mrhobbs mrhobbs is offline
Junior Member
Return Visitor
dotProject Version:
php Version:
MySQL Version:
Operating System Version:
Browser:
 
Join Date: 24-05-04
Posts: 5
Default Separate presentation from logic (MVC style)

possible workaround

I have disabled the "reports" link on the projects page. This is not ideal but prevents a client from accessing projects that should be denied. This was done by editing modules/projects/view.php. and changing the text of $titleBlock->addCrumb( "?m=projects&a=reports&project_id=$project_id" , "reports" );

remove reports but leave the ""

if anyone has any ideas how to enable this for admin but not for clients, please let me know

Reply With Quote
  #3  
Old 12-09-08, 04:00 PM
RodrigoDC RodrigoDC is offline
Junior Member
Return Visitor
dotProject Version:
php Version:
MySQL Version:
Operating System Version:
Browser:
 
Join Date: 07-02-08
Posts: 8
Default Re: reports and permissions-a back door?

Has this issue been resolved? Obviously deleting the reports link will prevent users form different companies/projects to see other companies/projects. However, this also prevents admins from generating reports.

Does anybody care to comment on how to restrict users form viewing ONLY the reports that corresponds to their companies and/or projects?

Thanks,
Rodrigo

Reply With Quote
  #4  
Old 09-12-12, 03:59 AM
ronei.candido ronei.candido is offline
Junior Member
New Participant
dotProject Version: 2.1.6
php Version: 5.1
MySQL Version: 5.0
Operating System Version: Windows
Browser: Firefox
 
Join Date: 09-12-12
Posts: 1
Default Re: reports and permissions-a back door?

Hello, people ! My first post here !
I am enjoying this software, it is really nice. I think I "solved" this, maybe it helps for you. Following what I did for the role:
- Non-Admin Modules: allow view and deny other itens;
- Projects: deny everything;
- Projects again: allow view for the project I wanted.
And thats it. The "project report" link is still there, but when the user clicks in "all", it is showed the message "access denied". For the project related to the user, it works (at least for me).
It worked for me. Please let me know if worked for you as well !

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +10. The time now is 09:53 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.