Creating subtask without having permission on parent issue tracker
|Category:||Permissions and roles|
In my Redmine I have multiple trackers, multiple roles and crossed permissions: let's say "developer" user can create issues with "bugfix" tracker and "salesman" user can create issues with "request" tracker but not viceversa.
Then, if "developer" user tries to create a subtask on a "request" issue, the following view is kind of broken, not displaying tracker selection at all and reporting some "random" fields. By clicking on Create at the bottom, the page returns an error but magically heals itself, showing the correct expected view expected! Obviously, the same error is achievable also if "salesman" user tries to create a subtask under "bugfix" issue...
I think users should not be forced to have "create issue" permissions on a specific issue tracker if they only have to create subtask (with different trackers, naturally: the ones they're in charge of) on it. And it looks like it's not only my thought, since forcing the subtask creation when the view is broken leads to the expected page!
Anyone experienced this? I looked for some information on it but I didn't find anything...
My Redmine installation comes from Bitnami stack 2.4.2-0, containing:
- Redmine 2.4.2
- Apache 2.4.7
- ImageMagick 6.7.5
- MySQL 5.5.34
- Subversion 1.8.4
- Git 1.8.3
- Ruby 1.9.3-p484
- Rails 3.2.16
- RubyGems 1.8.12
- extended fields 0.2.2
- projects table plugin 0.0.4
- DMSF 1.4.7 devel
- Redmine Multi Column Custom Fields plugin 0.0.1
- Redmine Tracker Control plugin 1.0.8
#1 Updated by Jean-Philippe Lang about 4 years ago
- Status changed from New to Closed
- Resolution set to Invalid
let's say "developer" user can create issues with "bugfix" tracker and "salesman" user can create issues with "request" tracker but not viceversa
There's no such option in Redmine core. This is a plugin issue (Redmine Tracker Control plugin I guess).
#3 Updated by Daniele Pedroni about 4 years ago
Finally I found the problem: I set "Tracker" (as well as many other fields) as read only in the default tracker. As per my previous example: if Salesman tried to create a Request subtask under an existing Request issue, everything went fine. But if Developer tried, since it didn't have rights on Request tracker, it fell in the default tracker, so there was no way to change it!
Then I took "Read Only" attribute for all roles in default tracker (and any other tracker, to be safe on that), and now it works as expected. Note that also Parent Task was read only, so also that information got lost in the subtask creation.
This is only the confirmation of what JPL explained, anyway I wrote it down here to help other people who may fall in the same fault in the future.