Open
Bug 594171
Opened 15 years ago
Entry permission for Products doesn't allow for granular permissions.
Categories
(Bugzilla :: Creating/Changing Bugs, defect)
Bugzilla
Creating/Changing Bugs
Tracking
()
NEW
People
(Reporter: mockodin, Unassigned)
Details
Entry permission for Products doesn't allow for granular permissions. While the descriptions are accurate for Entry the concept seems broken.
>If any group has Entry selected, then this product will restrict issue entry to only those users who are members of all the groups with entry selected.
For Entry the look up is as follows:
my @enterable_ids =@{$dbh->selectcol_arrayref(
'SELECT products.id FROM products
LEFT JOIN group_control_map
ON group_control_map.product_id = products.id
AND group_control_map.entry != 0
AND group_id NOT IN (' . $self->groups_as_string . ')
WHERE group_id IS NULL
AND products.isactive = 1') || []};
The effect being exactly what the description says, if user is not in ALL the groups then entry permission is denied. This means that you can not assign Entry rights to one group and disallow confirm. And deny Entry rights and grant confirm to another group. As a user must belong to both groups. This means that if you choose to use Entry the other permissions are somewhat pointless.
I propose the following sql instead:
my @enterable_ids =@{$dbh->selectcol_arrayref(
'SELECT products.id FROM products
LEFT JOIN group_control_map gcm_1
ON gcm_1.product_id = products.id
LEFT JOIN group_control_map gcm_2
ON gcm_2.product_id = products.id
AND gcm_2.group_id IN (' . $self->groups_as_string . ')
GROUP BY products.id having sum(gcm_1.entry) = 0
OR sum(gcm_2.entry) > 0') || []};
The first left join gets all products that are open to everyone.
The second gets explicit Entry permission
Perhaps I'm missing something in how permissions are intended to be implemented and have gone about it in the wrong manner..
You need to log in
before you can comment on or make changes to this bug.
Description
•