Issue update permission for all projects

Added by Steffen Gebert almost 6 years ago

Hi,

we have a Gerrit review system connected to our Redmine, which updates issues, as soon as an issue is referenced in a change set.
Gerrit uses the REST API to update issues, however there is one problem: The user (read: user behind the API key which is used for the REST call) has to be member of all the projects, which is not that nice.

Is there a way to give the user a global rights to update issues (comments + issue status) in all projects? Making it an admin also doesn't help.

Thanks in advance
Steffen

Replies (6)

RE: Issue update permission for all projects - Added by Steffen Gebert almost 6 years ago

Furthermore, after playing around I wonder whether there is a differentiation between different roles: If I make that user member of team with Members role attached, it works. If I assign the role Bots (which has all privileges), the status can't be updated.

Is the Members role something special, which directly comes with Redmine and is different to custom categories? I did not set up our Redmine, so I don't know, whether this group has been already shipped or has been created manually (it as ID 8).

Thanks
Steffen

RE: Issue update permission for all projects - Added by Mischa The Evil almost 6 years ago

Steffen Gebert wrote:

Is the Members role something special, which directly comes with Redmine and is different to custom categories? I did not set up our Redmine, so I don't know, whether this group has been already shipped or has been created manually (it as ID 8).

No, it is not a special role nor does it come directly with Redmine.
There are two system-roles which are build-in in Redmine: Non member (ID 1) & Anonymous (ID 2). See RedmineRoles#System-roles. Besides that, the default configuration data (see RedmineInstall, Installation procedure, step 6) provides three additional roles: Manager, Developer & Reporter (see source:/trunk/lib/redmine/default_data/loader.rb), but none of them is considered as "special" in any way.

RE: Issue update permission for all projects - Added by Mischa The Evil almost 6 years ago

Steffen Gebert wrote:

Is there a way to give the user a global rights to update issues (comments + issue status) in all projects? Making it an admin also doesn't help.

There isn't AFAIK. The user must be a member on the appropriate projects with a role with includes the Edit issues and Add notes permissions. Admin or not.
The only way to workaround this is to make the projects public, and subsequently add the appropriate permissions to one of the two system-roles.

Furthermore, after playing around I wonder whether there is a differentiation between different roles: If I make that user member of team with Members role attached, it works. If I assign the role Bots (which has all privileges), the status can't be updated.

Hmm... This looks strange, although it could be due to a configuration. Please check for any differences between the two roles.

RE: Issue update permission for all projects - Added by Steffen Gebert almost 6 years ago

Thanks for your answer!

I've checked it again and I really see no reason, why it works for Member, but not for Bots. There are no more permission settings than in Administration > Roles I guess. No groups are configured.

Do you think that it is easy to achieve that a special user gets the "Change status" privilege through a Redmine extension? Or would it be a harder thing to tackle..?

Thanks
Steffen

RE: Issue update permission for all projects - Added by Mischa The Evil almost 6 years ago

Steffen Gebert wrote:

Thanks for your answer!

I've checked it again and I really see no reason, why it works for Member, but not for Bots. There are no more permission settings than in Administration > Roles I guess. No groups are configured.

I guess whether or not a status change can be done is not so much a case of permissions in your case. Instead status transitions are allowed/denied according to the configured workflow for the role and tracker.
In your case I think the workflow for the Bots role is missing privileges for the requested status transition on the respective tracker(s).

Do you think that it is easy to achieve that a special user gets the "Change status" privilege through a Redmine extension? Or would it be a harder thing to tackle..?

I don't think that is easy to implement within the current permissions system. Though, there are already several issues requesting more control over what is included in the edit issues permission, which now includes, said simplified, permission to change all issue attributes.

RE: Issue update permission for all projects - Added by Steffen Gebert almost 6 years ago

I've checked it again and I really see no reason, why it works for Member, but not for Bots. There are no more permission settings than in Administration > Roles I guess. No groups are configured.

I guess whether or not a status change can be done is not so much a case of permissions in your case. Instead status transitions are allowed/denied according to the configured workflow for the role and tracker.
In your case I think the workflow for the Bots role is missing privileges for the requested status transition on the respective tracker(s).

Of course, thanks! Not it's working!

(1-6/6)