Defect #39493
open
Role with only :edit_own_issues no longer considered for workflow
Added by Jan Graichen about 1 year ago.
Updated 10 months ago.
Description
The change in #37635 rendered roles that only have the :edit_own_issues permissions no longer usable because these roles are not consider_workflow?.
A test in a Redmine plugin of mine tested some behavior that is using Issue#new_statuses_allowed_to with a minimal Role, only with :edit_own_issues, which failed with Redmine 5.1. This truly might be an edge-case, but I could imagine that there are real-world usages for Roles that can only edit their own issues but not add new one (e.g. customers with support expired support contracts).
On the other hand, one would not have been able to add workflows for such a Role in the UI in the first place? Unless the Role was created with :add_issues first, and only later dropped, which is kind of what #37635 wanted to fix.
Should :edit_own_issues be added to consider_workflow? or is that a case that shall not be supported at all?
- Related to Defect #37635: Respect Role#consider_workflow? when checking for allowed status transitions added
- Related to Feature #1248: New Permission: Edit own issues added
- Related to Defect #15988: Unexpected behaviour on issue fields for users that have multiple roles added
- Status changed from New to Confirmed
Jan Graichen wrote:
The change in #37635 rendered roles that only have the :edit_own_issues permissions no longer usable because these roles are not consider_workflow?.
I've had a quick look at this and I can tentatively confirm (by code review only) the issue. It looks to me like it is an omission of #1248. It seems this use-case wasn't considered as part of its implementation.
Should :edit_own_issues be added to consider_workflow? or is that a case that shall not be supported at all?
Long story short: IMHO ":edit_own_issues [should] be added to consider_workflow?".
An (untested) example implementation of Role#consider_workflow? could look something like this:
def consider_workflow?(author, user)
has_permission?(:add_issues) || has_permission?(:edit_issues) || (has_permission?(:edit_own_issues) && author == user)
end
However, this is quite a big change in design that might not fit a patch (5.1.x) release.
I'll add the contributor of the patch from #1248 (Yuichi HARADA) as a watcher of this issue.
Also available in: Atom
PDF
Updated by