Feature #16309

Add a concept of role-based permission to trackers

Added by Stephane Lapie over 3 years ago. Updated over 2 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Permissions and roles
Target version:-
Resolution:

Description

I have a need for limiting access to trackers based on roles. For instance:
- only a Developper or Manager role could report a new "Dev Request" issue but not an "Infra Change"
- but only a Sysadmin or Manager role could report an "Infra Change" issue but not a "Dev Request"

So far, there is a plugin ( http://www.redmine.org/plugins/redmine_track_control ) that seemed to fit that need, except it was only constraining the tracker choice via UI, and had a few other problems.

I made my own fork ( https://github.com/darksoul42/redmine_track_control ) in which I tried fixing them on my own :
- creating a permission symbol based on tracker ID instead of potentially non-ASCII tracker name (this would break since ActiveRecord could not recover symbol names from the database, when they had Japanese in them)
- handling the display of my home-cooked "create_tracker#{id}" as "Create #{name} tracker" with dynamically added translations upon displaying Roles
- actually enforce tracker validity check at every level (override on IssuesController), instead of just making a JavaScript popup alert (still needing an override on Issues views to limit which trackers will be displayed)

But I stumbled upon the following problem :
- Basically, I am overriding IssuesController and more specifically, build_new_issue_from_params and update_issue_from_params. In order to do stuff properly in regard to handling custom fields (which require the tracker be set beforehand), this would require me to completely rewrite the whole method, just to change this one line in the middle, with quite the ugly code block :


-    @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
+    if project.enabled_modules.where(:name => "tracker_permissions").count == 1
+      tracker_list = @project.trackers.select { |t| User.current.allowed_to?("create_tracker#{t.id}".to_sym, @project, :global => true) }
+    else
+      tracker_list = @project.trackers
+    end
+    @issue.tracker ||= tracker_list.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)

It doesn't sound realistic to enforce a in-house patch to core functionality (be it the Tracker functionality or the Issues functionality) like this, then try to play catch-up with Redmine everytime there is a new version (in addition to the fact the code seems to be about to be refactored and otherwise radically modified).

The above is my rationale for why this should not be a separate plug-in or a patch, but a core feature.

I have the backing of my company for contributing, if there is anything I can do to help implement this in Redmine core.

History

#1 Updated by Daniele Pedroni over 3 years ago

+1
I'm using the same redmine_track_control plugin but I agree with Stephane: this would be a great core feature!

#2 Updated by Toshi MARUYAMA over 3 years ago

  • Description updated (diff)

#3 Updated by Alex Petty over 2 years ago

+1 -- role based permissions governing tracker level elements would be a very important core feature which is now sorely missing from Redmine.

Also available in: Atom PDF