Defect #15988

Unexpected behaviour on issue fields for users that have multiple roles

Added by VD DV about 7 years ago. Updated over 6 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Issues workflow
Target version:3.0.0
Resolution:Fixed Affected version:2.4.2

Description

To explain this possible defect let me explain this situation.
We have dozens of projects on which are defined mixed teams of users. We have defined roles for those projects&users.
I will focus on just those facts that matters this issue:
- We have one role that enables users to view just documents and nothing else (lets name it DocViewer).
- We have another role that enables user to report an issue and nothing else (lets name it IssueReporter).
- We have user (User1) that have both roles on some project
- We have defined field restrictions on workflow for IssueReporter on some field. For example we want to force users that owns role IssueReporter to fill some data at custom field (lets name it SomeRequiredField). That was done through workflow for role IssueReporter (on all trackers) by setting Requred attribute on SomeRequredField.

So we expected that User1 will be forced to fill up SomeRequiredField, but it is not happening. User1 still can skip that required field. Reason for this is that the User1 has also role DocViewer. Please note that this role have not any specific workflow nor field restrictions defined.

Conclusion:
It would be expected that roles that have not assigned permissions for adding or updating issues should not make any influence on field restrictions (and worflows also) in situations when user owns multiple roles.

Related issues

Related to Redmine - Defect #33059: "Role" dropdown in Workflow page is unexpectedly expanded... Closed
Precedes Redmine - Defect #34570: Misleading workflow/permission issue New
Precedes Redmine - Defect #34284: In Role edit view the per tracker table only shows up whe... New

Associated revisions

Revision 13746
Added by Jean-Philippe Lang over 6 years ago

Droped legacy behaviour that allows a user to edit a few attributes of an issue without the edit_issues permission if a status transition is allowed (#15988).

Now that we can control permission on each field, this behaviour is no longer needed. The edit_issues permission is now required, which is consistent with the current requirements for bulk edition.

Revision 13747
Added by Jean-Philippe Lang over 6 years ago

Don't consider roles without issue add/edit permissions for determining fields permissions (#15988).

Revision 13748
Added by Jean-Philippe Lang over 6 years ago

Don't show roles without issue add/edit permission in workflow setup (#15988).

History

#1 Updated by VD DV over 6 years ago

Any updates on this issue? Is this defect fixed in recent Redmine versions?

#2 Updated by Toshi MARUYAMA over 6 years ago

  • Subject changed from Unexpected behaviour on issue fiels for users that have multiple roles to Unexpected behaviour on issue fields for users that have multiple roles

#3 Updated by VD DV over 6 years ago

Can you reconsider fixing this Defect in near future?
In my opinion this defect is realy serious.

#4 Updated by Toshi MARUYAMA over 6 years ago

  • Target version set to 3.0.0

#5 Updated by Jean-Philippe Lang over 6 years ago

  • Assignee set to Jean-Philippe Lang

#6 Updated by Jean-Philippe Lang over 6 years ago

  • Status changed from New to Closed
  • Resolution set to Fixed

#7 Updated by Go MAEDA about 1 year ago

  • Related to Defect #33059: "Role" dropdown in Workflow page is unexpectedly expanded when selecting "all" added

#8 Updated by Mischa The Evil 2 months ago

  • Precedes Defect #34570: Misleading workflow/permission issue added

#9 Updated by Mischa The Evil 2 months ago

  • Precedes Defect #34284: In Role edit view the per tracker table only shows up when "View Issues" permission is selected added

Also available in: Atom PDF