Details
-
Bug
-
Resolution: Fixed
-
None
-
Critical
-
Empty show more show less
Description
problem
Users with limited rights see to much user names in the "Assigned users" dropdown list after clicking the "Enhanced filters" button. Only the users assigned to tasks the user is allowed to see should be seen here.
Also there is a performance problem, on my system I have 37 users, the request to fill the drop down returns 258 users (with duplications). Only 17 of the 37 should be visible for the current user, ~96 users are in the dropdown instead (with duplication, but also some of the other 37 users which should not be visible here.
reason
- Wrong and to much joins in the userlist request.
- Why the join to the tasks here at all?
- The logic from loadAllWithUserData is not respected
solution hints
- Remove the dependency to the task call here, makes it easier
- Move the userlistAction and load functions into the TaskUserAssoc classes
- change the customer join, so that it joins with the customer of the current user, not the task
- check if there user data access restrictions in loadAllWithUserData which should be respected here