Project

General

Profile

Bug #396

Agilo imposing incorrect permissions

Added by Dave Vieglais over 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
High
Assignee:
Dave Vieglais
Category:
-
Target version:
-
Start date:
Due date:
% Done:

100%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

The Agilo plugin appears to be conflicted in handling permissions.

e.g. for #395, attempt to edit by the reporter dataone_test_user:

You need to either to be: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member" privileges are required to perform this operation

Adding dataone_test_user to Product Owner and to a Team did not resolve the issue.

History

#1 Updated by Dave Vieglais over 14 years ago

Relevant code is agilo/utils/permissions.py, method check_ticket_edit()

Check agilo ticket edit permissions, the schema should be as follows:
Action.PRODUCT_OWNER: can edit Type.REQUIREMENT, Type.USER_STORY
Action.SCRUM_MASTER: can link Type.USER_STORY, edit Type.TASK
Action.TEAM_MEMBER: can link Type.USER_STORY, edit own Type.TASK
or unassigned Type.TASK, or Type.TASK where is
a Key.RESOURCE.

and relevant portion of implementation logic is:

if is_ticket_owner or \
(ticket_is_task and (is_team_member or is_reporter) and ticket_has_no_owner) or \
(is_product_owner and not ticket_is_task) or \
(ticket_is_task and is_scrum_master):
return True

Temporary resolution is to assign SCRUM_MASTER privs to group dataone. This works, but is undesirable.

#2 Updated by Dave Vieglais almost 14 years ago

Completely resolved by removing agilo.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)