So I have finally had some time to test this properly on a blank installation and I am confident there is a bug in the way access lists are processed.
Summary: if you want to set Project Managers to "View Assigned Only" on more than one project, permissions break for at least 1 user. I have tested this behavior on 2 installations, 2 servers.
- Brand new CentOS 7 virtual machine, SELinux disabled
- Apache 2.4.6
- PHP 7.0.15 + modules
- MySQL Community 5.7
- Configured base CentOS virtual machine & disabled SELinux
- Add MySQL repository
- yum install httpd mysql-community-server php php-*<standard module list>
- Enable short_open tags in php.ini
- Test phpinfo file to make sure base install looks good
- Configure MySQL server, add "ruko" database and user with full permissions
- Unzip rukovoditel_1.8.zip to /var/www/html/
- Configure permissions...
  - chown root /var/www/html -Rf
  - chgrp apache /var/www/html -Rf
  - chmod 774 /var/www/html -Rf
- Browse to http://myserver/ - permissions check is OK
- Proceed with database installation, all OK
- Log in to Rukovoditel as admin user
- Unzip rukovoditel_ext_1.4.zip to /var/www/html/plugins/
- Install plugin from http://myserver/ > Rukovoditel > Extension > Install
Steps to reproduce...
- As Admin...
  - Create 2 Manager users: User 1 and User 2
  - Create 2 Projects: Project 1 and Project 2
  - Go to Application Structure > Entities List > Projects > Access > Access Configuration
  - Change Manager to "View Assigned Only" - so that managers can only maintain their own projects, not all projects.
  - Go to Projects and Edit Project 1 & Project 2
  - Assign both User 1 & User 2 to both projects
- Open a new browser window incognito
- Log in as "User 1"
- Both projects are visible; if you attempt to view the project you receive the error "Access Forbidden - Sorry, you don't have access to this page"
- Log out of User 1, log in as "User 2"
- Both projects are visible, both projects can be viewed

Project 1 - User 1, User 2
Project 2 - nobody
Results P1: User 1 OK, User 2 OK
Results P2: N/A

Project 1 - User 1, User 2
Project 2 - User 1, User 2
Results P1: User 1 forbidden, User 2 OK
Results P2: User 1 forbidden, User 2 OK

Project 1 - User 2
Project 2 - User 1, User 2
Results P1: N/A, User 2 OK
Results P2: User 1 forbidden, User 2 OK

Project 1 - nobody
Project 2 - User 1, User 2
Results P1: N/A
Results P2: User 1 OK, User 2 OK