New option limit_reporter_unless_threshold
Currently the option 'limit_reporters' is used to only allow viewing
issues reported by the user. This is an on/off option, and not a
threshold, and when enabled it applies the restriction to those user
that are calculated to be reporters.
The problem is that a user can report issues based on
'report_bug_threshold'. With the option enabled, users with an access
level (AL) greater than the minumim AL needed to report, are those that
can view all issues. This is a weak implementation that causes
inconsistencies, for example, when the report threshold is a
non-contiguous array of ALs.
A new option is created: limit_reporter_unless_threshold which is a real
threshold option. Any user that meets that threshold will see any issue,
otherwise the view is limited to only own reported issues (working like
the old option 'limit_reporters')
The meaning of the option has a inverse logic, because we don't support
negative thresholds. Setting ANYBODY as the value for this option is the
equivalent of 'limit_reporters' having OFF value.
To add a transitional workaround from the old to new logic:
When 'limit_reporters' option is ON, which according to previous
functionality, should be a global configuration (ALL_PROJECTS), the new
option is not evaluated, neither will be shown in configuration pages.
Once 'limit_reporters' is OFF at global level, the new option
'limit_reporter_unless_threshold' will be shown on pages and be
effective al global or project level.
Fixes: 0023570 |