Using Groups to add ticket CC's - bug or incorrect permissions?


#1

Hi all,

We’re running 4.4.2 against Postgres. We’ve encountered an interesting issue and we have no idea if it’s a bug or not.

We’ve started to add some groups that we’ll use to make it easy to add the correct watchers to tickets. So we need to go to the People tab, search for the group we want and then add it as a CC.

Root users see the correct list when they search:

image

However non-root users see the list headers but not the list content.

image

The HTML contains simple html for the header and no other content before the Type/Email header.

That smells like a permission problem but I can find no permission to govern the display of groups in search.

Even if there is such a thing and I’m about to be educated (!) I think that this is a bug in that the Type/Group header appears only when there’s a match. If the permission should restrict what can be matched, the header should not appear when no items should be visible as this otherwise leaks information to the viewer.

Can anyone offer any advice on this ?

Simon.


#2

Hello Simon,

Can you confirm that the non-root user has the “SeeGroup” right?

Thanks,
Craig


#3

Hi,

That did it. SeeGroup was not granted to the non-root users. I might have known it would be something simple !

Thanks for you help.

That leaves the empty table problem as a bug that should be added to the backlog. I’ll file that when I get a few minutes.

Simon.