Project

General

Profile

Actions
Copy link

Defect #39493

open

Role with only :edit_own_issues no longer considered for workflow

Added by Jan Graichen 6 months ago. Updated 3 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Issues workflow
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:
5.1.0

Description

The change in #37635 rendered roles that only have the :edit_own_issues permissions no longer usable because these roles are not consider_workflow?.

A test in a Redmine plugin of mine tested some behavior that is using Issue#new_statuses_allowed_to with a minimal Role, only with :edit_own_issues, which failed with Redmine 5.1. This truly might be an edge-case, but I could imagine that there are real-world usages for Roles that can only edit their own issues but not add new one (e.g. customers with support expired support contracts).

On the other hand, one would not have been able to add workflows for such a Role in the UI in the first place? Unless the Role was created with :add_issues first, and only later dropped, which is kind of what #37635 wanted to fix.

Should :edit_own_issues be added to consider_workflow? or is that a case that shall not be supported at all?

Related issues

Related to Redmine - Defect #37635: Respect Role#consider_workflow? when checking for allowed status transitionsClosedGo MAEDA

Actions
Related to Redmine - Feature #1248: New Permission: Edit own issuesClosedGo MAEDA2008-05-16

Actions
Related to Redmine - Defect #15988: Unexpected behaviour on issue fields for users that have multiple roles ClosedJean-Philippe Lang

Actions
Actions
Copy link
 #1

Updated by Mischa The Evil 6 months ago

  • Related to Defect #37635: Respect Role#consider_workflow? when checking for allowed status transitions added
  • Related to Feature #1248: New Permission: Edit own issues added
  • Related to Defect #15988: Unexpected behaviour on issue fields for users that have multiple roles added
Actions
Copy link
 #2

Updated by Mischa The Evil 6 months ago

  • Status changed from New to Confirmed

Jan Graichen wrote:

The change in #37635 rendered roles that only have the :edit_own_issues permissions no longer usable because these roles are not consider_workflow?.

I've had a quick look at this and I can tentatively confirm (by code review only) the issue. It looks to me like it is an omission of #1248. It seems this use-case wasn't considered as part of its implementation.

Should :edit_own_issues be added to consider_workflow? or is that a case that shall not be supported at all?

Long story short: IMHO ":edit_own_issues [should] be added to consider_workflow?".

An (untested) example implementation of Role#consider_workflow? could look something like this:

  def consider_workflow?(author, user)
    has_permission?(:add_issues) || has_permission?(:edit_issues) || (has_permission?(:edit_own_issues) && author == user)
  end

However, this is quite a big change in design that might not fit a patch (5.1.x) release.

I'll add the contributor of the patch from #1248 (Yuichi HARADA) as a watcher of this issue.

Actions
Copy link

Also available in: Atom PDF