Defect #13360
closed
Permissions of Multiple Roles
Added by Adnan Topçu over 11 years ago.
Updated over 3 years ago.
Category:
Permissions and roles
Description
There are two roles:
- RolA: issue visibility setting is "Issues created by or assigned to the user" and it has issue edit permissions.
- RolB: issue visibility setting is "All non private issues" and it has issue view permissions, do not edit!
If a user has both the RolA and RolB roles, the result is:
The user can edit all non private issues.
In my opinion, this is not usual.
Recent discussion: http://www.redmine.org/boards/1/topics/36188?r=36236#message-36236
There is a need for issue editing only by the assigned user. This is possible by fixing this issue or by adding a new permission such as "edit assigned issue", etc.
Please write your opinions.
Regards
Adnan Topçu wrote:
There are two roles:
- RolA: issue visibility setting is "Issues created by or assigned to the user" and it has issue edit permissions.
- RolB: issue visibility setting is "All non private issues" and it has issue view permissions, do not edit!
If a user has both the RolA and RolB roles, the result is:
The user can edit all non private issues.
I think it is expected behavior. The RedmineRoles page says that "If a member has multiple roles in a project, the permissions applied to the member is the combination of all roles' permissions".
Go MAEDA wrote:
Adnan Topçu wrote:
There are two roles:
- RolA: issue visibility setting is "Issues created by or assigned to the user" and it has issue edit permissions.
- RolB: issue visibility setting is "All non private issues" and it has issue view permissions, do not edit!
If a user has both the RolA and RolB roles, the result is:
The user can edit all non private issues.
I think it is expected behavior. The RedmineRoles page says that "If a member has multiple roles in a project, the permissions applied to the member is the combination of all roles' permissions".
That probably depends on the interpretation of "combination". As an example, if one role contains the numbers 10 to 12 and the second role the numbers 15 to 17, I would expect the combination of both roles to include 10,11,12,15,16,17. You seem to suggest that the combination includes 10 through to 17, which I personally wouldn't expect. In the specific example brought up by Adnan I would expect the combination to be "view all issues and edit the ones created by or assigned to the user", not "view and edit all issues".
Matthias Lehmann wrote:
Go MAEDA wrote:
Adnan Topçu wrote:
There are two roles:
- RolA: issue visibility setting is "Issues created by or assigned to the user" and it has issue edit permissions.
- RolB: issue visibility setting is "All non private issues" and it has issue view permissions, do not edit!
If a user has both the RolA and RolB roles, the result is:
The user can edit all non private issues.
I think it is expected behavior. The RedmineRoles page says that "If a member has multiple roles in a project, the permissions applied to the member is the combination of all roles' permissions".
That probably depends on the interpretation of "combination". As an example, if one role contains the numbers 10 to 12 and the second role the numbers 15 to 17, I would expect the combination of both roles to include 10,11,12,15,16,17.
Redmine behaves exactly like that.
- Status changed from New to Closed
- Resolution set to Wont fix
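The two readings of "combination" debated in this thread, modelled side by side as an added Ruby example. It is not Redmine's code and not part of any comment above: the `Role` and `Issue` structs, the function names and the sample issues are constructed for illustration, and only the two role definitions follow the report. The helper lists the issues a user can edit only because permissions and visibility are merged independently across roles.

```ruby
# Constructed model of the two readings; not Redmine source code.
Role  = Struct.new(:name, :visibility, :permissions)
Issue = Struct.new(:id, :author, :assignee, :private)

# Role settings as described in the report.
ROL_A = Role.new("RolA", :own, [:view_issues, :edit_issues])
ROL_B = Role.new("RolB", :all_non_private, [:view_issues])

# Does this one role's visibility setting cover the issue for this user?
def role_sees?(role, user, issue)
  case role.visibility
  when :own             then issue.author == user || issue.assignee == user
  when :all_non_private then !issue.private
  else false
  end
end

# Reading 1 (the reported behaviour): the edit permission and the issue
# visibility are each taken from any role, then checked independently.
def can_edit_union?(roles, user, issue)
  roles.any? { |r| r.permissions.include?(:edit_issues) } &&
    roles.any? { |r| role_sees?(r, user, issue) }
end

# Reading 2 (the narrower one argued for in the thread): a single role
# must both expose the issue and grant the edit permission.
def can_edit_per_role?(roles, user, issue)
  roles.any? { |r| r.permissions.include?(:edit_issues) && role_sees?(r, user, issue) }
end

# Ids of issues that are editable only under reading 1.
def widened_by_union(roles, user, issues)
  issues.reject { |i| can_edit_per_role?(roles, user, i) }
        .select { |i| can_edit_union?(roles, user, i) }
        .map(&:id)
end

# Constructed sample data: id, author, assignee, private?
ISSUES = [
  Issue.new(1, "alice", "alice", false),
  Issue.new(2, "bob",   "carol", false),
  Issue.new(3, "bob",   "carol", true),
  Issue.new(4, "bob",   "alice", true),
]

if __FILE__ == $PROGRAM_NAME
  ids = widened_by_union([ROL_A, ROL_B], "alice", ISSUES)
  puts "editable only under the union reading: #{ids.inspect}"
end
```

Running the same comparison over real role assignments before granting a second role shows which issues gain edit access purely from the merge.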