Project

General

Profile

Actions

Defect #28693

closed

Irrelevant permission is required to access some tabs in project settings page

Added by Fabrizio Sebastiani over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Permissions and roles
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

It is not clear why is necessary to give "Edit project" right to create new Forum and so let "Settings" tab to appears; in fact giving "Forum Manager" right do not let "new forum" command to appears.


Files

tests.patch (1.4 KB) tests.patch Mizuki ISHIKAWA, 2018-05-21 10:10
Actions #1

Updated by Go MAEDA over 6 years ago

  • Category changed from Forums to Permissions and roles
Actions #2

Updated by Go MAEDA over 6 years ago

  • Status changed from New to Confirmed

I confirmed the problem in the current trunk r17328.

Users cannot see some tabs in "Settings" tab if they don't have "Edit project", "Manage members", Manage versions" or "Manage issue categories" permission. For example, to access "Forums" tab, users should have one of those permissions in addition to "Manage forum" permission. I think the behavior inconsistent and illogical. Please see the following table for details.

Tab Required permission(s)
Project Edit project
Members Manage members
Issue tracking Edit project
Versions Manage versions
Issue categories Manage issue categories
Repositories Manage repository AND (Edit project OR Manage members OR Manage versions OR Manage issue categories)
Forums Manage forums AND (Edit project OR Manage members OR Manage versions OR Manage issue categories)
Time tracking Manage project activities AND (Edit project OR Manage members OR Manage versions OR Manage issue categories)
Actions #3

Updated by Go MAEDA over 6 years ago

Here is a workaround for this issue.

Index: lib/redmine.rb
===================================================================
--- lib/redmine.rb    (revision 17328)
+++ lib/redmine.rb    (working copy)
@@ -125,7 +125,7 @@
     map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
     map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
     map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin
-    map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member
+    map.permission :manage_project_activities, {:projects => :settings, :project_enumerations => [:update, :destroy]}, :require => :member
   end

   map.project_module :news do |map|
@@ -163,7 +163,7 @@
     map.permission :browse_repository, {:repositories => [:show, :browse, :entry, :raw, :annotate, :changes, :diff, :stats, :graph]}, :read => true
     map.permission :commit_access, {}
     map.permission :manage_related_issues, {:repositories => [:add_related_issue, :remove_related_issue]}
-    map.permission :manage_repository, {:repositories => [:new, :create, :edit, :update, :committers, :destroy]}, :require => :member
+    map.permission :manage_repository, {:projects => :settings, :repositories => [:new, :create, :edit, :update, :committers, :destroy]}, :require => :member
   end

   map.project_module :boards do |map|
@@ -173,7 +173,7 @@
     map.permission :edit_own_messages, {:messages => :edit, :attachments => :upload}, :require => :loggedin
     map.permission :delete_messages, {:messages => :destroy}, :require => :member
     map.permission :delete_own_messages, {:messages => :destroy}, :require => :loggedin
-    map.permission :manage_boards, {:boards => [:new, :create, :edit, :update, :destroy]}, :require => :member
+    map.permission :manage_boards, {:projects => :settings, :boards => [:new, :create, :edit, :update, :destroy]}, :require => :member
   end

   map.project_module :calendar do |map|
Actions #4

Updated by Go MAEDA over 6 years ago

  • Target version set to Candidate for next minor release
Actions #5

Updated by Mizuki ISHIKAWA over 6 years ago

I wrote a test of code written by Go MAEDA (#28693#note-3).
This test code will test that project settings and tabs are displayed according to permissions.

Actions #6

Updated by Go MAEDA over 6 years ago

  • Subject changed from Edit project right necessary to create new forum to Irrelevant permission is required to access some tabs in project settings page
  • Target version changed from Candidate for next minor release to 3.3.8

Setting target version to 3.3.8.

Actions #7

Updated by Go MAEDA over 6 years ago

  • Status changed from Confirmed to Resolved
  • Assignee set to Go MAEDA
  • Resolution set to Fixed
Actions #8

Updated by Go MAEDA over 6 years ago

  • Status changed from Resolved to Closed
  • Target version changed from 3.3.8 to 3.4.6

Committed. Thank you all for contributing to the Redmine project.

Actions

Also available in: Atom PDF