View Issue Details

IDProjectCategoryView StatusLast Update
0005096mantisbtrelationshipspublic2021-11-01 11:22
Reporterjohnwebbcole Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Summary0005096: Add separate permission for adding a relationship...
Description

Currently, relationships can be added if a user has 'update issue' permission. It would be nice for users who do not have that permission to be able to have an 'add' relationship (but not delete). That way users who normally would not be allowed to update issue info would be able to create duplicate relationships when they see them.

TagsNo tags attached.

Relationships

has duplicate 0029042 closeddregad set bug relationship treshold 
has duplicate 0029237 closeddregad i want to change the permission to add relationship to developer 

Activities

Ellerbrok1

Ellerbrok1

2005-02-15 03:07

reporter   ~0009316

Would be very helpful!

mgerben

mgerben

2005-02-15 11:07

reporter   ~0009323

... and they cannot undo their own mistakes either.
And they'll have to go to someone with higher permissions to undo it.

Im my experience the logging feature of Mantis does magic. You can leave the update permission ON, and simply call a user to ask him why he has deleted a relationship when he shouldn't have.

Personally I believe more in openess than in restrictions. This will be yet another configuration parameter to set or unset.

If the Mantis boys (any galls in the project?) wish to implement this, I suggest a full overhaul with roles instead of access levels, workflow stored in the database and assigning permission for each state-transition and edit-action on a role-basis - all web-based configuration, of course.

MPA

MPA

2007-07-17 11:46

reporter   ~0015081

Add in config_inc.php
$g_relation_bug_threshold = DEVELOPER

Change in file:
bug_relationship_add.php, line 25
bug_relationship_delete.php, line 31
core\relationship_api.php, line 582 and 742

"update_bug_threshold" in "relation_bug_threshold"

If you want seperate authorisation for add and delete you can add another line in yout config_inc.php. Something like;
$g_relation_del_bug_threshold = ADMINISTRATOR
and also change the bug_relationship_delete.php

vboctor

vboctor

2007-09-11 09:47

manager   ~0015611

I agree that we should add the following configuration options:

  1. relationship_add_threshold
  2. relationship_delete_threshold

If we add the id of the user who added the relationship, then we can also add the following configuration:

relationship_delete_own_threshold

or always allow deleting own relationships.

The second issue what threshold to use when a user adds a relationship with the same other issue but with a different type. In this case, the user is practically modifying an existing relationship that may have been added by them or by another user.

mbuhisi

mbuhisi

2021-10-31 05:06

reporter   ~0065969

Dear MPA

i have a new version # 2.25.0 but i couldnt find the following lines you mention

Change in file:
bug_relationship_add.php, line 25
bug_relationship_delete.php, line 31
core\relationship_api.php, line 582 and 742

"update_bug_threshold" in "relation_bug_threshold"

dregad

dregad

2021-10-31 06:11

developer   ~0065973

i couldnt find the following lines you mention

As you can imagine, the MantisBT source code has changed since 2007... Look for the original references mentioned by MPA in release 1.1.0a1. Today, this code is likely in

  • core/commands/IssueViewPageCommand.php
  • core/commands/IssueRelationshipAddCommand.php
  • core/commands/IssueRelationshipDeleteCommand.php
mbuhisi

mbuhisi

2021-11-01 11:22

reporter   ~0065979

thank you dregad, i found code in new files as you said