• Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major Major
    • 2.LATER
    • 2.8.8
    • Other
    • None

      How to reproduce

      Impossible to limit access to this page. If we make the same right configuration on the preferred page. indeed we will not have access to the preference page

          [WORKSPACES-1460] Unable to limit statistics page access

          Laurence Aumeunier added a comment - - edited

          This is a normal behavior, all project's managers have access to this page. Members not.

          Indeed, there is a access controller which give automatically access to the page for project's manager (ReportsPageAccessController)

          Your manager is ALLOWED by this access controller and DENIED by your profile affectations but for connected users only, so ALLOWED wins.

          To disable access to report page, you have 2 choices:

          • Untag "Statistiques" page: the page keeps accessible by url but it will be not visible in user menu
          • or disable access for each users or groups (not only for any connected users)

          As improvment, ReportsPageAccessController could be reviewed, to not be based on manager status but based on a specific right (to add to admin profiles)
          So by default a manager will have not access to report page anymore.

           

           

          Laurence Aumeunier added a comment - - edited This is a normal behavior, all project's managers have access to this page. Members not. Indeed, there is a access controller which give automatically access to the page for project's manager (ReportsPageAccessController) Your manager is ALLOWED by this access controller and DENIED by your profile affectations but for connected users only, so ALLOWED wins. To disable access to report page, you have 2 choices: Untag "Statistiques" page: the page keeps accessible by url but it will be not visible in user menu or disable access for each users or groups (not only for any connected users) As improvment, ReportsPageAccessController could be reviewed, to not be based on manager status but based on a specific right (to add to admin profiles) So by default a manager will have not access to report page anymore.    

            laurence Laurence Aumeunier
            afrancois Anastasia François
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: