RedDwarfRulez
27-04-06, 12:47 AM
OS: Debian Linux (Sarge)
PHP: 4.3.10-16
dotProject: 2.0.2
Locales: no additional loaded, English
MySQL: 4.1.11
Browser: Firefox v1.0.8
Summary: companies do not appear in company list, either when I click on "Companies", or when I click on a company name in the projects list and then click on the link "company list" that appears on the View Company page.
Details: I logged in as user A and created a company owned by that user. I then logged in as user B and was able to create projects for that company, but I cannot see the company in any of the lists. I was able to determine that the ownership of the record is the culprit. Only the owner of a company can see it in the companies list. Is this by design or is it a bug? It does not offer any security because even though user B cannot list user A's companies, user B can still edit it and assign it to projects.
I have further verified that this does not appear to have anything to do with roles. Users A and B both have full rights to the companies module. I've checked to see if other modules behave in the same way, and they do not. Any user can view or edit ALL projects for instance...
All in all, it seems very inconsistent and though it may be by design, I'd like to hear an explanation since if I roll out this app., all of my users will have the same question.
PHP: 4.3.10-16
dotProject: 2.0.2
Locales: no additional loaded, English
MySQL: 4.1.11
Browser: Firefox v1.0.8
Summary: companies do not appear in company list, either when I click on "Companies", or when I click on a company name in the projects list and then click on the link "company list" that appears on the View Company page.
Details: I logged in as user A and created a company owned by that user. I then logged in as user B and was able to create projects for that company, but I cannot see the company in any of the lists. I was able to determine that the ownership of the record is the culprit. Only the owner of a company can see it in the companies list. Is this by design or is it a bug? It does not offer any security because even though user B cannot list user A's companies, user B can still edit it and assign it to projects.
I have further verified that this does not appear to have anything to do with roles. Users A and B both have full rights to the companies module. I've checked to see if other modules behave in the same way, and they do not. Any user can view or edit ALL projects for instance...
All in all, it seems very inconsistent and though it may be by design, I'd like to hear an explanation since if I roll out this app., all of my users will have the same question.