Project

General

Profile

Actions

Defect #18855

closed

User with only Move Issue rights in the project can still create issues using mass copy!

Added by Scott Cunningham almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Category:
Issues permissions
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

I found this bug when I was trying to use a project with a list of issues as a template for other projects (process flow). I assigned members to custom role "Copy" which only allows viewing and moving issues. If, however, the user does not change the project (i.e. copy into other project), new issues will be created within the existing project where they do not have rights!

I am running 2.5.2 on a Bitnami stack. I do not have the chance to try 2.6.x at the moment.

Note - we use task instead of issue in our language file.

Custom Role Copy settings:

View and Move rights only

User does not have issue edit rights (correct)

Cannot edit task

User can copy multiple issues at once (correct)

Bulk copy possible

Copy screenshot

Copy screenshot

Issues were added to existing project without regard to no Add Issue rights (not correct)

Issues were added (wrong)


Files

01-role-rights.png (20.7 KB) 01-role-rights.png View and Move rights only Scott Cunningham, 2015-01-15 19:49
02-no-edit-rights.png (7.15 KB) 02-no-edit-rights.png Cannot edit task Scott Cunningham, 2015-01-15 19:49
03-multiple-copy-possible.png (7.84 KB) 03-multiple-copy-possible.png Bulk copy possible Scott Cunningham, 2015-01-15 19:50
04-copy-screen.png (24.6 KB) 04-copy-screen.png Copy screenshot Scott Cunningham, 2015-01-15 19:50
05-issues-added-without-rights.png (15.1 KB) 05-issues-added-without-rights.png Issues were added (wrong) Scott Cunningham, 2015-01-15 19:50

Related issues

Related to Redmine - Patch #28311: Remove unused i18n key "permission_move_issues"ClosedGo MAEDA

Actions
Actions

Also available in: Atom PDF