We’re running 4.4.2 against Postgres. We’ve encountered an interesting issue and we have no idea if it’s a bug or not.
We’ve started to add some groups that we’ll use to make it easy to add the correct watchers to tickets. So we need to go to the People tab, search for the group we want and then add it as a CC.
Root users see the correct list when they search:
However non-root users see the list headers but not the list content.
The HTML contains simple html for the header and no other content before the Type/Email header.
That smells like a permission problem but I can find no permission to govern the display of groups in search.
Even if there is such a thing and I’m about to be educated (!) I think that this is a bug in that the Type/Group header appears only when there’s a match. If the permission should restrict what can be matched, the header should not appear when no items should be visible as this otherwise leaks information to the viewer.
Can anyone offer any advice on this ?