Project

General

Profile

Priority set to Read Only for certain Roles but editable in certain sub-projects

Added by James Stewart almost 8 years ago

SYSTEM INFO

  • Redmine (not shown due to security concerns)
  • Ruby implementation and version = (not shown due to security concerns)
  • Rails version (rails --version) = (not shown due to security concerns)
  • Operating system (precise if you're using cygwin when running on Windows) = (not shown due to security concerns)
  • Database used, and its version = (not shown due to security concerns)
  • Ruby-aware server used: (not shown due to security concerns)

PROBLEM

In only some Sub-Projects of one Project, I am unable to limit edit access for external users to the Priority field despite configuring the workflow to allow them only Read Only access for all Status values. The different behavior in different projects would lead me to believe that there is a configuration I missed somewhere but I cannot locate that setting if it exists:
  1. don't see any way to define this by project under Enumerations > Issue Priorities
  2. don't see any way to limit access to standard fields (only custom fields) in each Project's settings
  3. don't see any way to define this by project under Workflow > Fields Permissions

I am also unable to find any indication that others outside our organization are having this problem by perusing the open and closed issues. We are not at the newest release (will be soon) but likewise I don't see anything in the newer version change logs that indicates that they contain such a fix. I would be happy to re-input this as a trouble ticket but felt that this could be a failure to configure properly.

APPLICABLE CONFIGURATION STEPS TAKEN

  • 2 of the 3 affected Sub-Projects are shown in "project_hierarchy" screenshot: AJL Rails Revision and CF JobLink. I compared settings with other Sub-Projects and Projects and found no likely cause.
  • The user's access level is the same (Role = "Reporter") in all Projects and Sub-Projects as shown in "user_project_roles" screenshot.
  • The "Reporter" Role definitions do not contain any configurable settings that seem to relate to this problem as shown in "role_definition" screenshot.
  • The Workflow Fields Permissions for the Reporter Role are set to "Read Only" for the Priority field for every Issue Status as shown in "workflow_settings_reporter"

WHAT THE USER (Reporter Role) SEES

  • "new_issue_with_priority" shows the Priority field and allows the user to edit it. The intent is that they can see it but not edit it.
  • "new_issue_without_priority" does not show the Priority field at all. The intent is, again, that they see it but cannot edit it.

UPDATE 12/27/2016

I have not found any true solution for this problem still but have found what may be a workaround for it. I removed all permissions from my test user (with the limited "Reporter" role) and re-added them. I was then no longer able to edit the values in the same tickets that I could before (see screenshots). This is still not a good situation as I don't know how many external users have the disallowed access and could spend a lot of time removing and re-adding permissions.

I am also removing version information from this post due to security-related risks. Please contact me directly for that information if needed.