permission ondenial isn't working in special case

[dimitri.slavutsky@…]

Hi! I got a problem using this option. The case:

• I got a field "initial_effort"

  [blackmagic]
  tweaks = initial_effort
  initial_effort.hide = false
  initial_effort.ondenial = hide
  initial_effort.permission = TRAC_ADMIN
  

• someone with permissions creates a custom report query and selects a initial_effort as a column
• Sames this report
• If someone without permission selects this report he can see this column with values.

In all other cases it seems to work properly.

[obs]

Issue verified with trac 0.11.7, creating patch.

[obs]

Issue fixed.

I've left it so the column remains but if the ondenial is set to "hide" the value will be replaced with a "-" this is the simplest way of doing it and also allows individual values to be show when using permission such as TICKET_IS_OWNER

[obs]

(In [7835]) fixed issue where users can see fields in reports that they don't have access to. Fixes #6949

[louise.howells@…]

Hi I seem to be having a similar problem. I have a custom field called name and the following in the ini file.

name.hide= false name.ondenial = hide name.permission = REPORT_CHAMP tweaks = name (plus a few others I need to tweak)

I have set the permission policies up in the ini file too.

When I create report that includes the name field it hides it when an anonymous user is viewing it (as expected). When I log in with a username that has been given the correct permission (REPORT_CHAMP) the field still does not show. When I click through to the ticket to see more information the name field is still missing.

It only seems to be half working for me. I have the newest version of the plugin and tried everything I can think of.

please help! It is a show show stopper for me because I can not truly hide all the sensitive fields.

[Ryan J Ollos]

This plugin is deprecated in Trac 1.4 and later. See migration tips on BlackMagicTicketTweaksPlugin page.