Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with issue visibility for own/assigned issues #41

Open
danielvijge opened this issue Feb 16, 2016 · 2 comments
Open

Problems with issue visibility for own/assigned issues #41

danielvijge opened this issue Feb 16, 2016 · 2 comments

Comments

@danielvijge
Copy link

I want to create a project where users can only see their own tickets. All users have a role in this project, and for this role item visibility is set to 'Issues created or assigned to the user'. For this project the tracker control module is enabled.
If I give this role the permission 'show tracker', users can see all issues in the issue list, but open only their own issues. If I do not give the role the 'show tracker' permission, the user can only see own/assigned issues in the list, but cannot open any issues, including own/assigned issues.
I do like to have the option to only use the item visibility. Users should be able to see only own issues, and be able to open these issues.
For now, I solved it by patching tracker_helper.rb:valid_trackers_ids() to only have
project.trackers.collect {|t| t.id}
and do not give the 'show tracker' permission to this role.
@danielvijge
Copy link
Author

Or actually, to prevent an error when viewing all issues (not per project, from the my page):

if project
  project.trackers.collect {|t| t.id}
else
  Tracker.all.collect {|t| t.id}

@danielvijge
Copy link
Author

The solution earlier effects the new issue creation. A different solution might be:

        def self.extra_access_conditions(role)
          tracker_ids = RedmineTrackControl::TrackerHelper.trackers_ids_by_role(role,"show")
          if (!tracker_ids.empty?)
            case role.issues_visibility
            when 'all'
              "1=1"
            when 'default'
              "((#{table_name}.tracker_id IN (#{tracker_ids.join(',')})) OR #{table_name}.project_id NOT IN (SELECT em.project_id FROM #{EnabledModule.table_name} em WHERE em.name='tracker_permissions'))"
            else
              ""
            end
          end
        end

The case statement is new. It add the conditions which trackers are visible, but only for users with the default issue view permissions. For all issue visibility, it simply adds a statement which is always true. For issue visibility where a user can only see own issues, no additional conditions are added, so only the condition from visible_condition_block() are applied.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danielvijge