Project

General

Profile

Actions

Defect #37635

closed

Respect Role#consider_workflow? when checking for allowed status transitions

Added by Holger Just about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Issues workflow
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

When defining workflow rules for a role and tracker, we generally check if a role can have any workflows at all. Right now, only roles which have at least one of the edit_issues or add_issue permissions can have any workflows. We check this when displaying editable workflows for admins.

Now, it is possible that the database holds workflow rules for roles which currently do not have one of those permissions (but might have had in the past). Currently, when checking for the allowed issue statuses in Issue#new_statuses_allowed_to (which is used to validate possible new issue statuses for an issue), we do not take into account if the defined workflow rules shall be considered at all.

This might result in workflow rules take into account which can not be (directly) edited by admins, resulting in a rather surprising behavior.

The attached patch changes this by ensuring that we only use workflow transitions which are defined for roles having one of the permissions. Workflow transitions for other roles are ignored.


Files


Related issues

Related to Redmine - Defect #37229: Ignore workflow transitions that already defined and now is not appliableClosed

Actions
Related to Redmine - Defect #39493: Role with only :edit_own_issues no longer considered for workflowConfirmed

Actions
Has duplicate Redmine - Defect #28078: Workflows inconsistencies when removing "add/edit issue" permission to a role which already has a workflow definedClosed

Actions
Actions #1

Updated by Go MAEDA about 2 years ago

  • Tracker changed from Patch to Defect
  • Status changed from New to Confirmed
  • Target version set to 5.1.0

Setting the target version to 5.1.0.

Actions #2

Updated by Mischa The Evil about 2 years ago

  • Related to Defect #37229: Ignore workflow transitions that already defined and now is not appliable added
Actions #3

Updated by Mischa The Evil about 2 years ago

Just a thought:

The following code in Issue#workflow_rule_by_attribute (source:/trunk/app/models/issue.rb@21799#L680) exists:

    user_real = user || User.current
    roles = user_real.admin ? Role.all.to_a : user_real.roles_for_project(project)
    roles = roles.select(&:consider_workflow?)

The following code addition is proposed in this patch:

    roles = user.admin ? Role.all.to_a : user.roles_for_project(project)
    roles = roles.select(&:consider_workflow?)

Wouldn't it be better to extract this code into a new (helper) method given the similarity?

Actions #4

Updated by Go MAEDA about 2 years ago

Mischa The Evil wrote:

Wouldn't it be better to extract this code into a new (helper) method given the similarity?

What do you think about extracting the code as follows?

diff --git a/app/models/issue.rb b/app/models/issue.rb
index 84907a475..a5bd372d5 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -2053,4 +2053,9 @@ class Issue < ActiveRecord::Base
       Project
     end
   end
+
+  def roles_for_workflow(user = User.current)
+    roles = user.admin ? Role.all.to_a : user.roles_for_project(project)
+    roles.select(&:consider_workflow?)
+  end
 end
Actions #5

Updated by Holger Just about 2 years ago

I'd require the user argument (rather than allowing a default). Then, this looks good for me.

I have attached an updated patch which uses this new extracted method.

Actions #6

Updated by Go MAEDA about 2 years ago

  • Status changed from Confirmed to Closed
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed the fix. Thank you.

Actions #7

Updated by Go MAEDA almost 2 years ago

  • Has duplicate Defect #28078: Workflows inconsistencies when removing "add/edit issue" permission to a role which already has a workflow defined added
Actions #8

Updated by Mischa The Evil 12 months ago

  • Related to Defect #39493: Role with only :edit_own_issues no longer considered for workflow added
Actions

Also available in: Atom PDF