Users can access reporter information even if their role permissions is set to DENIED
|Reported by:||Nicklas Nordborg||Owned by:||everyone|
Change the "User" role so that the permission for "Reporters" is set to "DENIED".
Log in as a user with that role. The user is still able to list all reporters in View->Reporters list page.
Clicking on a report results in a
Permission denied: Not allowed to read Reporter message.
If there is an array design with features, the user is also able to list reporter information in the features list. Clicking on a feature brings up a dialog with all reporter information present without any error message.
It is the same thing for a raw bioassay with raw data. The reporter information is available in the list and dialog.
See #1964 for some background information about what causes this.