View Issue Details

IDProjectCategoryView StatusLast Update
0011203mantisbtrelationshipspublic2018-06-04 05:27
Reporterllattan Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status acknowledgedResolutionopen 
Product Version1.0.7 
Summary0011203: "Relationships" should be a configurable capability
Description

I think that "Add/Delete Relationship" should be a configurable capability.

I want that developers can add a new relationship for an issue.

TagsNo tags attached.

Relationships

has duplicate 0017365 closedatrol Relationships independent of $g_update_bug_threshold 
has duplicate 0024513 closedatrol Relationships as separate right in Workflow Threshold 

Activities

llattan

llattan

2009-11-20 11:14

reporter   ~0023775

(without changing our permissions for each type of user)

squarebox

squarebox

2009-11-23 20:42

reporter   ~0023791

out of curiosity what new relationship would you create?

dhx

dhx

2009-11-23 21:17

reporter   ~0023792

Are you referring to the customisation possible via methods described at http://www.mantisbt.org/wiki/doku.php/mantisbt:customizing_relationships

Or are you after access thresholds to set which users can add and or delete relationships between issues?

llattan

llattan

2009-11-24 07:30

reporter   ~0023798

I´m referring to access thresholds to set which users can add and or delete relationships between issues

watergad

watergad

2009-12-01 04:29

reporter   ~0023830

Last edited: 2009-12-01 04:30

View 2 revisions

[1.2.0rc2] relationship_api.php line 828
[1.2.0rc2] bug_relationship_add.php line 38
It checks if user has the UPDATER status.

It would be nice to have the configurable access, e.g. I tweaked for my needs:
Add relationship: REPORTER
Delete relationship: UPDATER (left bug_relationship_delete.php unchanged).

llattan

llattan

2010-03-22 21:14

reporter   ~0024855

I couldn't reproduce the tweaks. I couldn't make them work.

Could you add diff files for version 1.2.0 ?

watergad

watergad

2010-03-23 07:52

reporter   ~0024861

Sorry, I'm not familiar with diffs.

I mean there are two access checks to be passed when adding the relationship:
[1.2.0rc2] relationship_api.php line 828
if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {

[1.2.0rc2] bug_relationship_add.php line 38
access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_src_bug_id );

As you can see, the access level is managed with config option
$g_update_bug_threshold = UPDATER;

So if you don't want to keep relationships tied with 'update bug' routine, you have to change (I've changed it to REPORTER here):

[1.2.0rc2] bug_relationship_add.php line 38
// access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_src_bug_id );
access_ensure_bug_level( config_get( 'report_bug_threshold' ), $f_src_bug_id );

[1.2.0rc2] relationship_api.php line 828
// if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {
if( access_has_bug_level( config_get( 'report_bug_threshold' ), $p_bug_id ) ) {

You may also change bug_relationship_delete.php (line 42), but I dont think its the good idea.

llattan

llattan

2010-03-23 08:31

reporter   ~0024864

Ok, I will try your tweaks and I will inform you.

I think it should be a new threshold to manage add/delete relationships for the next stable release, independient of update_bug_threshold and report_bug_threshold.

(for example I need only DEVELOPERs can add relationships, not REPORTERs, but I need DEVELOPERs can't update bugs)

watergad

watergad

2010-03-23 09:39

reporter   ~0024868

Then (I didn't try but it has to be working) you can try not threshold but certain level, for example:

[1.2.0rc2] bug_relationship_add.php line 38
// access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_src_bug_id );
access_ensure_bug_level( DEVELOPER, $f_src_bug_id );

[1.2.0rc2] relationship_api.php line 828
// if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {
if( access_has_bug_level( DEVELOPER, $p_bug_id ) ) {

llattan

llattan

2010-03-23 09:57

reporter   ~0024869

Ok, I will try your tweaks and I will inform you.

andrea.mills

andrea.mills

2011-08-18 13:46

reporter   ~0029514

This capability should be a threshold, such as $g_delete_relationship_threshold = UPDATER and $g_add_relationship_threshold = REPORTER or similar.

Rost

Rost

2018-06-04 05:27

reporter   ~0060009

Today Relationships are linked to right 'Update an issue'.
Sometimes QA are quite smart to find related issues, like product features, regression things etc. However they can't link anything because section Relationships is protected to read-only and linked to right 'Update an issue'.

In the same time, 'Update an issue' for Developers isn't a good practice, because in this case Developer may silently update original issue with absolutely irrelated data with breaking QA processes. Removing this right from Developer breaks ability to change relationships.

So I suggest adding right 'Change relationships' to page Workflow Threshold with ability to manage things on administrator level.

Issue History

Date Modified Username Field Change
2009-11-20 11:11 llattan New Issue
2009-11-20 11:14 llattan Note Added: 0023775
2009-11-23 20:42 squarebox Note Added: 0023791
2009-11-23 21:17 dhx Note Added: 0023792
2009-11-24 07:30 llattan Note Added: 0023798
2009-12-01 04:29 watergad Note Added: 0023830
2009-12-01 04:30 watergad Note Edited: 0023830 View Revisions
2009-12-01 04:31 vboctor Status new => acknowledged
2010-03-22 21:14 llattan Note Added: 0024855
2010-03-23 07:52 watergad Note Added: 0024861
2010-03-23 08:31 llattan Note Added: 0024864
2010-03-23 09:39 watergad Note Added: 0024868
2010-03-23 09:57 llattan Note Added: 0024869
2011-08-18 13:46 andrea.mills Note Added: 0029514
2014-05-22 07:26 atrol Relationship added has duplicate 0017365
2018-05-31 12:25 atrol Relationship added has duplicate 0024513
2018-06-04 05:27 Rost Note Added: 0060009