While working on integration od FineGrainedPermissions into bhsearch, I have discovered that Dashboard does not always use permissions the way it should.
My test setup is the following: user anonymous has *_VIEW on global, but no product specific permissions. There are two products DEMO and MNP. With this setup, anonymous can access global Dashboard, where it sees all the tickets and all the products. He cannot access product specific dashboards (no PRODUCT_VIEW permission). Links to products/tickets in the global dashboard also redirect to login. If I add PRODUCT_VIEW permission for both products, anonymous can access the dashboards, but ticket and timeline widgets crash (no TICKET_VIEW permissions). FineGrainedPermissions are also not taken into the account. Should we do something abou this now or should we leave it for 0.7? Anze
