|
|
Is there a specific threshold for users to manage versions inside a project?
Seems like that capability would have the same issues, if you want a limited user access level to be able to create versions, but not modify other properties in the project. |
|
|
|
Currently, a user with manager access level in a project can't access the project edit pages to manage users for that project.
Sounds like a bug. I vaguely recall hitting this issue in my previous company, but never got around to investigating or attempting to fix it.
I expect the page to be accessible, but only the relevant part (manage users) being editable, according to permissions.
I agree.
The user that can manage users in a project, should not be able to add or remove user with higher access level than him.
That makes sense, but we need to be careful with the global vs project-specific access - which one to consider in this scenario ?
Is there a specific threshold for users to manage versions inside a project?
I don't think so |
|
|
|
That makes sense, but we need to be careful with the global vs project-specific access - which one to consider in this scenario ?
I think specific project level should always override global access level, for those actions that are related to that project. This is especially applicable to private projects. |
|
|
|
I think specific project level should always override global access level,
unless you are a global administrator
At least this is what we have at the moment in function access_get_project_level
if( ALL_PROJECTS == $p_project_id || user_is_administrator( $p_user_id ) ) {
return $t_global_access_level;
|
|
|
|
unless you are a global administrator
right |
|
|
|
Had also 'issues' with this feature.
In my opinion authorisation should separated like this;
- separate threshold to be able to add, change, password reset and inactivate users
- users with higher privileges never show
- separate threshold to be able to delete users, same as above but then including delete option (admin)
- users with higher privileges never show
- separate threshold to be able to add new users, and only able to connect them with her/his project ("project_user_threshold")
- and only sees the users (same and lower in rights) connected to his/her project
- able to change the users rights for that particular project (only for users lower than his rights)
- able to disconnect users from his/her project (or able to set rights to '0' for that user for that project)
- not able to delete users
- users with higher privileges never show
|
|
|
|
Sorry, I faced this access problem.
Please let us know when it will be fixed. Thank you
EDIT (dregad): below is the contents of the PDF that was originally attached to this note
for example:
project_user_threshold = MANAGER
manage_project_threshold = ADMINISTRATOR
Currently, a user with manager access level in a project can't access the project edit pages to manage users for that project.
I expect the page to be accessible, but only the relevant part (manage users) being editable, according to permissions.
Otherwise, "project_user_threshold" seems to be of little use.
A use case is:
A user who is manager for a private project, should be able to add and remove users in that project
But can't edit main project properties: names, enabled status, or make it public.
Additionally, we could consider:
The user that can manage users in a project, should not be able to add or remove user with higher access level than him. |
|
