Give the fact that a project manager can see all bugs Create extra access rules with XPath of the bug entity. Something like: (pseudoxpath)
Rule project manager has no XPATH.
Rule tester
[ bug/bug_testuser/user=[%'CurrentUser'%] ]
Rule developer
[ bug/bug_devuser/user=[%'CurrentUser'%] ]
Rule Manager
[
bug/bug_devuser/user/user_manageruser/user=[%'CurrentUser'%]]
bug/bug_testuser/user/user_manageruser/user=[%'CurrentUser'%]]
]
A bug has two associations: one to the assigned developer and one to the assigned tester. Each user has a manager (user_manageruser)
It is more elegant to use referencesets but for your case this will do.