Bug #396: Agilo imposing incorrect permissions - Infrastructure - DataONE Tasks

Bug #396

Agilo imposing incorrect permissions

Added by Dave Vieglais almost 15 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

High

Assignee:

Dave Vieglais

Category:

Target version:

Start date:

Due date:

% Done:

100%

Milestone:

None

Product Version:

Story Points:

Sprint:

Description

The Agilo plugin appears to be conflicted in handling permissions.

e.g. for #395, attempt to edit by the reporter dataone_test_user:

You need to either to be: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member" privileges are required to perform this operation

Adding dataone_test_user to Product Owner and to a Team did not resolve the issue.

History

#1 Updated by Dave Vieglais almost 15 years ago

Relevant code is agilo/utils/permissions.py, method check_ticket_edit()

Check agilo ticket edit permissions, the schema should be as follows:
Action.PRODUCT_OWNER: can edit Type.REQUIREMENT, Type.USER_STORY
Action.SCRUM_MASTER: can link Type.USER_STORY, edit Type.TASK
Action.TEAM_MEMBER: can link Type.USER_STORY, edit own Type.TASK
or unassigned Type.TASK, or Type.TASK where is
a Key.RESOURCE.

and relevant portion of implementation logic is:

if is_ticket_owner or \
(ticket_is_task and (is_team_member or is_reporter) and ticket_has_no_owner) or \
(is_product_owner and not ticket_is_task) or \
(ticket_is_task and is_scrum_master):
return True

Temporary resolution is to assign SCRUM_MASTER privs to group dataone. This works, but is undesirable.

#2 Updated by Dave Vieglais over 14 years ago

Completely resolved by removing agilo.

Also available in: Atom PDF

Project

General

Profile

Infrastructure

Issues

Custom queries

Bug #396

Agilo imposing incorrect permissions

History

#1 Updated by Dave Vieglais almost 15 years ago

#2 Updated by Dave Vieglais over 14 years ago