Defect #15988
Unexpected behaviour on issue fields for users that have multiple roles
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jean-Philippe Lang | % Done: | 0% | |
| Category: | Issues workflow | |||
| Target version: | 3.0.0 | |||
| Resolution: | Fixed | Affected version: | 2.4.2 |
Description
To explain this possible defect let me explain this situation.
We have dozens of projects on which are defined mixed teams of users. We have defined roles for those projects&users.
I will focus on just those facts that matters this issue:
- We have one role that enables users to view just documents and nothing else (lets name it DocViewer).
- We have another role that enables user to report an issue and nothing else (lets name it IssueReporter).
- We have user (User1) that have both roles on some project
- We have defined field restrictions on workflow for IssueReporter on some field. For example we want to force users that owns role IssueReporter to fill some data at custom field (lets name it SomeRequiredField). That was done through workflow for role IssueReporter (on all trackers) by setting Requred attribute on SomeRequredField.
So we expected that User1 will be forced to fill up SomeRequiredField, but it is not happening. User1 still can skip that required field. Reason for this is that the User1 has also role DocViewer. Please note that this role have not any specific workflow nor field restrictions defined.
Conclusion:
It would be expected that roles that have not assigned permissions for adding or updating issues should not make any influence on field restrictions (and worflows also) in situations when user owns multiple roles.
Related issues
Associated revisions
Droped legacy behaviour that allows a user to edit a few attributes of an issue without the edit_issues permission if a status transition is allowed (#15988).
Now that we can control permission on each field, this behaviour is no longer needed. The edit_issues permission is now required, which is consistent with the current requirements for bulk edition.
Don't consider roles without issue add/edit permissions for determining fields permissions (#15988).
Don't show roles without issue add/edit permission in workflow setup (#15988).
History
#1
Updated by VD DV over 5 years ago
Any updates on this issue? Is this defect fixed in recent Redmine versions?
#2
Updated by Toshi MARUYAMA over 5 years ago
- Subject changed from Unexpected behaviour on issue fiels for users that have multiple roles to Unexpected behaviour on issue fields for users that have multiple roles
#3
Updated by VD DV over 5 years ago
Can you reconsider fixing this Defect in near future?
In my opinion this defect is realy serious.
#4
Updated by Toshi MARUYAMA over 5 years ago
- Target version set to 3.0.0
#5
Updated by Jean-Philippe Lang over 5 years ago
- Assignee set to Jean-Philippe Lang
#6
Updated by Jean-Philippe Lang over 5 years ago
- Status changed from New to Closed
- Resolution set to Fixed
#7
Updated by Go MAEDA about 1 month ago
- Related to Defect #33059: "Role" dropdown in Workflow page is unexpectedly expanded when selecting "all" added