<p>Redmine: Issues (<a class="external" href="https://www.redmine.org/">https://www.redmine.org/</a>)</p>
<p>Redmine - Defect #34570 (New): Misleading workflow/permission issue <br /><a class="external" href="https://www.redmine.org/issues/34570">https://www.redmine.org/issues/34570</a> <br />2021-01-08T00:15:03Z, James Brady</p>
<p>I'm using the latest version of Turnkey Linux Redmine: <br /><a class="external" href="https://www.turnkeylinux.org/redmine">https://www.turnkeylinux.org/redmine</a></p>
<pre>
Environment:
Redmine version 4.1.1.stable
Ruby version 2.6.6-p146 (2020-03-31) [x86_64-linux]
Rails version 5.2.4.2
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery sendmail
SCM:
Subversion 1.10.4
Git 2.20.1
Filesystem
Redmine plugins:
no plugin installed
</pre>
<p>If a user is assigned multiple roles, any workflow defined on any role will affect that user, even if one of those roles has no issue edit permission.</p>
Example:
<ul>
<li>Role 1
<ul>
<li>I don't remove <strong>Close</strong> status from all statuses in that role's Workflow.</li>
<li>I remove all edit permissions from Issue Tracking permissions. </li>
</ul>
</li>
<li>Role 2
<ul>
<li>I remove <strong>Close</strong> status from all statuses from that role's Workflow. </li>
<li>I allow <strong>Edit Issues</strong> permission in Issue Tracking permissions.</li>
</ul></li>
</ul>
<p>If I assign a user both Role 1 and Role 2, he will be able to Close issues.</p>
<p>Not sure if you'd consider this a defect per se, but I just spent a chunk of time configuring a new Redmine server at work, and it took me a bit to figure out why my users had the ability to close issues, even when the workflows I painstakingly defined for them appeared to prevent it. <br />It was because I was using multiple roles to control their access, and I hadn't edited the workflow of the other role to match, or at least not conflict. <br />The confusion is bolstered by the fact that you can't see the role in the dropdown on the Workflow edit page, to correct such a mistake, until you restore the edit permissions on that Role's edit page, in the Permissions section.</p>
<p>Since issue status workflows only really come into play for someone who has edit permission for Issues, I suggest that workflows become effectively disabled for any role whenever that role loses edit permission for Issues.</p>
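<p>The role combination described in the report above, as an added example that is not part of the original report and is not Redmine's code: a simplified model that compares the reported behaviour with the suggested one and lists roles whose workflow is hidden but still effective. The <code>Role</code> struct, the <code>:edit_issues</code> symbol, the status names and all function names are assumptions made for this model.</p>

```ruby
require 'set'

# Simplified model, not Redmine's code. A role has a permission set and a
# workflow: a set of [from_status, to_status] transitions it allows.
Role = Struct.new(:name, :permissions, :transitions)

# Constructed sample data mirroring the example in the report: Role 1 keeps
# the closing transition but cannot edit; Role 2 can edit but cannot close.
ROLE1 = Role.new('Role 1', Set[], Set[%w[New Closed], %w[New Resolved]])
ROLE2 = Role.new('Role 2', Set[:edit_issues], Set[%w[New Resolved]])

# Behaviour described in the report: the user may edit if ANY role grants
# editing, and the transitions are the union over ALL of the user's roles.
def observed_transitions(roles)
  return Set[] unless roles.any? { |r| r.permissions.include?(:edit_issues) }
  roles.map(&:transitions).reduce(Set[], :|)
end

# Behaviour the report suggests: a role without edit permission
# contributes no transitions.
def suggested_transitions(roles)
  editors = roles.select { |r| r.permissions.include?(:edit_issues) }
  editors.map(&:transitions).reduce(Set[], :|)
end

# Audit helper: roles that cannot edit issues yet still carry transitions,
# i.e. the workflows that take effect through a second role.
def dormant_workflow_roles(roles)
  roles.reject { |r| r.permissions.include?(:edit_issues) }
       .reject { |r| r.transitions.empty? }
       .map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  roles = [ROLE1, ROLE2]
  puts "observed:  #{observed_transitions(roles).to_a.inspect}"
  puts "suggested: #{suggested_transitions(roles).to_a.inspect}"
  puts "audit:     #{dormant_workflow_roles(roles).inspect}"
end
```

<p>Any role the audit helper returns needs its workflow reviewed before it is combined with a role that grants editing.</p>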