1. Tempo Avatar Tempo
  2. Prime
  3. servertimesheet
  4. Issues

Users can see work logs of other users even if they are not in the timesheet auditors group

Issue #1089 closed
Former user created an issue

Hello Andriy,

we have the situation that work logs of other users can be seen even if users are not in of one of the configured Timesheet Auditors Groups.

Setup to reproduce

  • Timesheet Auditors Groups set
  • affected users is NOT member of one of these groups
  • Timesheet gadet configuration ++ Show entries created by user(s): entered own username, e.g. testuser ++ field role set to any other value than None, e.g. JIRA project role Users
  • We are using JIRA Software 7.0.10 Server and JIRA Timesheet Reports and Gadgets Plugin 3.0.7.2

Expected result:

Users with this setup cannot see work logs of other users

Actual result:

User can see work logs of other users in JIRA project role Users.

Can you confirm this bug?

With kind regards,

Patrice David Förster

Comments (9)

  2. Andriy Zhdanov

    Hi Patrice,

    I can't seem reproduce it on latest plugin version (3.0.8.1), could you please try if it's fixed with update?

    Thank you

  3. Former user Account Deleted reporter

    Hi @azhdanov,

    I am still able to reproduce it with plugin version 3.0.8.2 in JIRA 7.0.10.

    Maybe it's important to note that I did these tests with my personal JIRA account. I have system administration permissions but I configured Timesheets so that only our finance team, and team leaders are in the Timesheet Auditors Groups. Therefore, I mustn't see times logged even if I have project admin permissions in every project of this instance.

    If you need more details let me know.

    Cheers,

    Patrice

  4. Andriy Zhdanov

    Hi Patrice,

    I've finally reproduced it, by specifying myself in Target User. Fix will be available shortly.

    Thank you.

  7. Former user Account Deleted reporter

    Hello Andriy,

    Justed tested the fix. I confirm that it now works as expected with plugin version 3.0.8.3 in JIRA Software 7.0.10.

    Thank you,

    Patrice

  10. Log in to comment
Assignee
Type
bug
Priority
major
Status
closed
Component
Time Sheet report and gadget
Version
3.0
Votes
0
Watchers
1