Defect #13682
closed
Permission "Commit access" affected by role ID instead of role position
0%
Description
When several roles affect a user in a project, the effective "commit access" permission depends on the assigned roles' IDs instead of their position under "Administration >> Roles and permission".
Here is an example. Suppose we have these roles set up in this order:
| Role | id | SVN Read access | SVN Commit access |
|---|---|---|---|
| Developer | 4 | Yes | Yes |
| User | 5 | - | - |
| Customer | 6 | Yes | - |
What happens if we assign a user a combination of roles, this is what happens:
| Role(s) | Can read | Can commit | As expected? | |
|---|---|---|---|---|
| A. | Customer | Yes | - | Yes |
| B. | User | - | - | Yes |
| C. | Developer | Yes | Yes | Yes |
| D. | Customer, User | Yes | - | Yes(?) |
| E. | Customer, Developer | Yes | - | No |
| F. | User, Developer | - | - | No |
| G. | Customer, User, Developer | Yes | - | No |
In combination D. I'm not sure whether the absence of the READ permission in the role "User" should override the READ permission of the role "Customer". I don't think so as I believe that the default is denied permission unless explicitly allowed by a role. But I don't know in what way the order of the roles are supposed to influence the permissions.
In E., F. and G. it becomes clear that not the order of the roles has influence, but their respective ID. In all three combinations the user should have READ als well as COMMIT permission. But that's not the case.
If, however, I change permissions to the following, keeping the order of the roles:
| Role | id | SVN Read access | SVN Commit access |
|---|---|---|---|
| Developer | 4 | Yes | - |
| User | 5 | - | - |
| Customer | 6 | Yes | Yes |
Then this is what happens:
| Role(s) | Can read | Can commit | As expected? | |
|---|---|---|---|---|
| A. | Customer | Yes | Yes | Yes |
| B. | User | - | - | Yes |
| C. | Developer | Yes | - | Yes |
| D. | Customer, User | Yes | Yes | Yes(?) |
| E. | Customer, Developer | Yes | Yes | Yes(?) |
| F. | User, Developer | - | - | No |
| G. | Customer, User, Developer | Yes | Yes | Yes |
In D. even though "User" is above "Customer" the user has READ and COMMIT access because the "Customer" role overrides the "User" role (or the "Developer" role in E.) because it has a higher ID (as opposed to combination F. in the first example above).
So essentially:
Is the order of the roles supposed to have influence on what resulting permissions a user has if they have several roles assigned?
If yes, then the "position" and not the "id" is supposed to be the affecting attribute.
If no, then neither "position" (order of the roles) nor their "id" should affect the resulting permission.
Updated by Go MAEDA over 3 years ago
- Status changed from New to Closed
- Resolution set to Invalid
Tharuka Pathirana wrote:
Is the order of the roles supposed to have influence on what resulting permissions a user has if they have several roles assigned?
Both id and position are completely unrelated to the permissions applied to a user. RedmineRoles says that "if a member has multiple roles in a project, the permissions applied to the member is the combination of all roles' permissions".