-
Martin Trigaux authored
For privacy_visibility 'followers' or 'portal', the user should be follower of the project (not the task). Remove public access to portal task Fixes #2372 If no project on the task (or other rule), an employee (not a portal) can access if is follower of the task. Follower rule is not enough as a user creating a rule will subscribe to the rule but to subscribe to record, the user should have access to it in the first place. To make sure the snake does not bit its tail, fallback to give access on task where the user is reponsible (user_id = user.id). Fixes #139 Adapted the tests to the new behaviour (removed not relevant and added some on creation)
Martin Trigaux authoredFor privacy_visibility 'followers' or 'portal', the user should be follower of the project (not the task). Remove public access to portal task Fixes #2372 If no project on the task (or other rule), an employee (not a portal) can access if is follower of the task. Follower rule is not enough as a user creating a rule will subscribe to the rule but to subscribe to record, the user should have access to it in the first place. To make sure the snake does not bit its tail, fallback to give access on task where the user is reponsible (user_id = user.id). Fixes #139 Adapted the tests to the new behaviour (removed not relevant and added some on creation)
