problem

Users with limited rights see to much user names in the "Assigned users" dropdown list after clicking the "Enhanced filters" button. Only the users assigned to tasks the user is allowed to see should be seen here.

Also there is a performance problem, on my system I have 37 users, the request to fill the drop down returns 258 users (with duplications). Only 17 of the 37 should be visible for the current user, ~96 users are in the dropdown instead (with duplication, but also some of the other 37 users which should not be visible here.

reason

Wrong and to much joins in the userlist request.
Why the join to the tasks here at all?
The logic from loadAllWithUserData is not respected

solution hints

Remove the dependency to the task call here, makes it easier
Move the userlistAction and load functions into the TaskUserAssoc classes
change the customer join, so that it joins with the customer of the current user, not the task
check if there user data access restrictions in loadAllWithUserData which should be respected here

Attachments

Activity

People

Assignee:: Aleksandar Mitrev

Reporter:: Thomas Lauria

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Feb/2020 12:09

Updated:: 02/Mar/2020 05:43

Resolved:: 24/Feb/2020 06:13