View Issue Details

IDProjectCategoryView StatusLast Update
0005096mantisbtrelationshipspublic2019-09-25 18:50
Reporterjohnwebbcole Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Summary0005096: Add separate permission for adding a relationship...
Description

Currently, relationships can be added if a user has 'update issue' permission. It would be nice for users who do not have that permission to be able to have an 'add' relationship (but not delete). That way users who normally would not be allowed to update issue info would be able to create duplicate relationships when they see them.

TagsNo tags attached.

Activities

Ellerbrok1

Ellerbrok1

2005-02-15 03:07

reporter   ~0009316

Would be very helpful!

mgerben

mgerben

2005-02-15 11:07

reporter   ~0009323

... and they cannot undo their own mistakes either.
And they'll have to go to someone with higher permissions to undo it.

Im my experience the logging feature of Mantis does magic. You can leave the update permission ON, and simply call a user to ask him why he has deleted a relationship when he shouldn't have.

Personally I believe more in openess than in restrictions. This will be yet another configuration parameter to set or unset.

If the Mantis boys (any galls in the project?) wish to implement this, I suggest a full overhaul with roles instead of access levels, workflow stored in the database and assigning permission for each state-transition and edit-action on a role-basis - all web-based configuration, of course.

MPA

MPA

2007-07-17 11:46

reporter   ~0015081

Add in config_inc.php
$g_relation_bug_threshold = DEVELOPER

Change in file:
bug_relationship_add.php, line 25
bug_relationship_delete.php, line 31
core\relationship_api.php, line 582 and 742

"update_bug_threshold" in "relation_bug_threshold"

If you want seperate authorisation for add and delete you can add another line in yout config_inc.php. Something like;
$g_relation_del_bug_threshold = ADMINISTRATOR
and also change the bug_relationship_delete.php

vboctor

vboctor

2007-09-11 09:47

manager   ~0015611

I agree that we should add the following configuration options:

  1. relationship_add_threshold
  2. relationship_delete_threshold

If we add the id of the user who added the relationship, then we can also add the following configuration:

relationship_delete_own_threshold

or always allow deleting own relationships.

The second issue what threshold to use when a user adds a relationship with the same other issue but with a different type. In this case, the user is practically modifying an existing relationship that may have been added by them or by another user.

Issue History

Date Modified Username Field Change
2005-01-11 14:56 johnwebbcole New Issue
2005-02-15 03:07 Ellerbrok1 Note Added: 0009316
2005-02-15 11:07 mgerben Note Added: 0009323
2007-07-17 11:46 MPA Note Added: 0015081
2007-09-11 09:47 vboctor Note Added: 0015611
2007-09-11 09:47 vboctor Status new => acknowledged