Uploaded image for project: 'ONE'
  1. ONE
  2. ONE-583

Users without Jira Assign issues permission can modify Assignee using Board warnings

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Done
    • prod/bigpicture-jiraserver-7.2.0
    • None
    • ppm
    • None
    • Agile
    • BigPicture
    • JIRA server
    • $i18n.getText("admin.common.words.hide")
      $i18n.getText("admin.common.words.show")
      var cfToHide1 = document.getElementById("rowForcustomfield_18501"); if(cfToHide1){cfToHide1.style.display="none";} var cfToHide2 = document.getElementById("rowForcustomfield_18502"); if(cfToHide2){cfToHide2.style.display="none";} var cfToHide3 = document.getElementById("rowForcustomfield_19700"); if(cfToHide3){cfToHide3.style.display="none";} var cfToHide4 = document.getElementById("rowForcustomfield_18400"); if(cfToHide4){cfToHide4.style.display="none";}
    • 1 week, 6 days, 20 hours, 15 minutes, 49 seconds
    • 3 hours, 45 minutes, 45 seconds
    • 18 hours, 12 minutes, 43 seconds
    • 0
    • 0
    • 0
    • 0
    • $i18n.getText("admin.common.words.hide")
      $i18n.getText("admin.common.words.show")
      var cfToHide1 = document.getElementById("rowForcustomfield_21302"); if(cfToHide1){cfToHide1.style.display="none";} var cfToHide2 = document.getElementById("rowForcustomfield_19201"); if(cfToHide2){cfToHide2.style.display="none";} var cfToHide3 = document.getElementById("rowForcustomfield_19300"); if(cfToHide3){cfToHide3.style.display="none";} var cfToHide4 = document.getElementById("rowForcustomfield_19301"); if(cfToHide4){cfToHide4.style.display="none";} var cfToHide5 = document.getElementById("rowForcustomfield_19302"); if(cfToHide5){cfToHide5.style.display="none";} var cfToHide6 = document.getElementById("rowForcustomfield_19303"); if(cfToHide6){cfToHide6.style.display="none";} var cfToHide7 = document.getElementById("rowForcustomfield_19204"); if(cfToHide7){cfToHide7.style.display="none";} var cfToHide8 = document.getElementById("rowForcustomfield_19205"); if(cfToHide8){cfToHide8.style.display="none";}

    Description

      Steps to Reproduce:

      1. Create a new Jira user
      2. In Permission settings make sure that the user doesn't have the 'Assign Issues' permission
      3. As admin set 'Permissions to Everyone'
      4. Log in as the created user and navigate to any Program
      5. Navigate to Board and enable 'Show Warnings'
      6. Click on the '!' icon on a task card and select another assignee
      7. Notice that the Assignee was changed

      Expected:

      Users without 'Assign Issues' permissions should not be able to reassign issues on the Board

      Attachments

        Activity

          People

            marcin.hareza Marcin Hareza
            marcin.kozinski Marcin Koziński
            mateusz.kielbowicz Mateusz Kielbowicz , jacek.ejsmont Jacek Ejsmont (Inactive) , michal.niwinski Michal Niwinski , piotr.romanski Piotr Romański (Inactive) , pawel.guz Pawel Guz , evgeny.frolov Evgeny Frolov (Inactive) , marcin.hareza Marcin Hareza , marcin.kozinski Marcin Koziński
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: