Defect #28693

closed

Irrelevant permission is required to access some tabs in project settings page

Added by Fabrizio Sebastiani almost 6 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Permissions and roles
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Fixed
Affected version:

Description

It is not clear why it is necessary to give the "Edit project" right to create a new Forum and so let the "Settings" tab appear; in fact, giving the "Forum Manager" right does not let the "new forum" command appear.


Files

tests.patch (1.4 KB) Mizuki ISHIKAWA, 2018-05-21 10:10
Actions #1

Updated by Go MAEDA almost 6 years ago

  • Category changed from Forums to Permissions and roles
Actions #2

Updated by Go MAEDA almost 6 years ago

  • Status changed from New to Confirmed

I confirmed the problem in the current trunk r17328.

Users cannot see some tabs in the "Settings" tab if they don't have the "Edit project", "Manage members", "Manage versions" or "Manage issue categories" permission. For example, to access the "Forums" tab, users should have one of those permissions in addition to the "Manage forum" permission. I think the behavior is inconsistent and illogical. Please see the following table for details.

| Tab | Required permission(s) |
|---|---|
| Project | Edit project |
| Members | Manage members |
| Issue tracking | Edit project |
| Versions | Manage versions |
| Issue categories | Manage issue categories |
| Repositories | Manage repository AND (Edit project OR Manage members OR Manage versions OR Manage issue categories) |
| Forums | Manage forums AND (Edit project OR Manage members OR Manage versions OR Manage issue categories) |
| Time tracking | Manage project activities AND (Edit project OR Manage members OR Manage versions OR Manage issue categories) |
Actions #3

Updated by Go MAEDA almost 6 years ago

Here is a workaround for this issue.

Index: lib/redmine.rb
===================================================================
--- lib/redmine.rb    (revision 17328)
+++ lib/redmine.rb    (working copy)
@@ -125,7 +125,7 @@
     map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
     map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
     map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin
-    map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member
+    map.permission :manage_project_activities, {:projects => :settings, :project_enumerations => [:update, :destroy]}, :require => :member
   end

   map.project_module :news do |map|
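
Review bot: On the manage_project_activities line, adding :projects => :settings opens the whole settings action to any member holding this permission, and nothing in this hunk shows that the other tabs stay hidden from such a role. Please confirm that each tab on the settings page is still filtered by its own permission, and add a functional test in which a role with only manage_project_activities requests the settings page and sees the time tracking tab and nothing else.
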
@@ -163,7 +163,7 @@
     map.permission :browse_repository, {:repositories => [:show, :browse, :entry, :raw, :annotate, :changes, :diff, :stats, :graph]}, :read => true
     map.permission :commit_access, {}
     map.permission :manage_related_issues, {:repositories => [:add_related_issue, :remove_related_issue]}
-    map.permission :manage_repository, {:repositories => [:new, :create, :edit, :update, :committers, :destroy]}, :require => :member
+    map.permission :manage_repository, {:projects => :settings, :repositories => [:new, :create, :edit, :update, :committers, :destroy]}, :require => :member
   end

   map.project_module :boards do |map|
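
Review bot: The manage_repository line now maps a repository permission to an action of the projects controller without saying why, which will look like a mistake to the next person auditing this permission table. A one-line comment above it, stating that :projects => :settings is there only so the Repositories tab in project settings can be reached, would help; the same entry is repeated in the other two hunks, so the intent could also be recorded once in the commit message.
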
@@ -173,7 +173,7 @@
     map.permission :edit_own_messages, {:messages => :edit, :attachments => :upload}, :require => :loggedin
     map.permission :delete_messages, {:messages => :destroy}, :require => :member
     map.permission :delete_own_messages, {:messages => :destroy}, :require => :loggedin
-    map.permission :manage_boards, {:boards => [:new, :create, :edit, :update, :destroy]}, :require => :member
+    map.permission :manage_boards, {:projects => :settings, :boards => [:new, :create, :edit, :update, :destroy]}, :require => :member
   end

   map.project_module :calendar do |map|
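
Review bot: manage_boards is declared inside a project module block, so the settings access added on this line exists only while that module is enabled for the project. A test for the disabled-module case would be worth adding, to check that a role holding only manage_boards is denied the settings page rather than shown an empty one.
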
Actions #4

Updated by Go MAEDA almost 6 years ago

  • Target version set to Candidate for next minor release
Actions #5

Updated by Mizuki ISHIKAWA almost 6 years ago

I wrote a test for the code written by Go MAEDA (#28693#note-3).
This test code will test that project settings and tabs are displayed according to permissions.
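
The two checks behind the table in note 2 and the change in note 3, as a simplified model added here for illustration; it is not Redmine's code and not the attached tests.patch. The "controller/action" strings and the first four permission names are assumptions of the model; the last three names come from the patch.

```ruby
# Simplified model, not Redmine's classes: permission => actions it allows.
# First four names are assumed; the last three are taken from the patch.
def permission_map(patched:)
  settings = patched ? ["projects/settings"] : []
  {
    edit_project:              ["projects/settings"],
    manage_members:            ["projects/settings"],
    manage_versions:           ["projects/settings"],
    manage_categories:         ["projects/settings"],
    manage_repository:         settings + ["repositories/new"],
    manage_boards:             settings + ["boards/new"],
    manage_project_activities: settings + ["project_enumerations/update"],
  }
end

# Tab => permission that makes the tab visible (table in note 2).
TABS = {
  "Project" => :edit_project, "Members" => :manage_members,
  "Issue tracking" => :edit_project, "Versions" => :manage_versions,
  "Issue categories" => :manage_categories,
  "Repositories" => :manage_repository, "Forums" => :manage_boards,
  "Time tracking" => :manage_project_activities,
}.freeze

# Outer check: may a role (list of permissions) call the settings action?
def settings_allowed?(role, patched:)
  map = permission_map(patched: patched)
  role.any? { |perm| map.fetch(perm).include?("projects/settings") }
end

# Inner check: each tab is still filtered by its own permission.
def visible_tabs(role, patched:)
  return [] unless settings_allowed?(role, patched: patched) # denied outright
  TABS.select { |_tab, perm| role.include?(perm) }.keys
end

# Audit: tabs whose own permission cannot open the page that hosts them.
def unreachable_tabs(patched:)
  TABS.reject { |_tab, perm| settings_allowed?([perm], patched: patched) }.keys
end

forum_manager = [:manage_boards] # constructed sample role
p visible_tabs(forum_manager, patched: false)
p visible_tabs(forum_manager, patched: true)
p unreachable_tabs(patched: false)
p unreachable_tabs(patched: true)
```

The audit function is the general form of this defect: any permission that guards a tab but does not also allow the action rendering the page shows up in its result.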

Actions #6

Updated by Go MAEDA almost 6 years ago

  • Subject changed from Edit project right necessary to create new forum to Irrelevant permission is required to access some tabs in project settings page
  • Target version changed from Candidate for next minor release to 3.3.8

Setting target version to 3.3.8.

Actions #7

Updated by Go MAEDA almost 6 years ago

  • Status changed from Confirmed to Resolved
  • Assignee set to Go MAEDA
  • Resolution set to Fixed
Actions #8

Updated by Go MAEDA almost 6 years ago

  • Status changed from Resolved to Closed
  • Target version changed from 3.3.8 to 3.4.6

Committed. Thank you all for contributing to the Redmine project.
