Defect #37635
closed
Respect Role#consider_workflow? when checking for allowed status transitions
0%
Description
When defining workflow rules for a role and tracker, we generally check if a role can have any workflows at all. Right now, only roles which have at least one of the edit_issues or add_issue permissions can have any workflows. We check this when displaying editable workflows for admins.
Now, it is possible that the database holds workflow rules for roles which currently do not have one of those permissions (but might have had in the past). Currently, when checking for the allowed issue statuses in Issue#new_statuses_allowed_to (which is used to validate possible new issue statuses for an issue), we do not take into account if the defined workflow rules shall be considered at all.
This might result in workflow rules take into account which can not be (directly) edited by admins, resulting in a rather surprising behavior.
The attached patch changes this by ensuring that we only use workflow transitions which are defined for roles having one of the permissions. Workflow transitions for other roles are ignored.
Files
Related issues
Updated by 
Updated by 
Updated by