Details
-
Bug
-
Resolution: Fixed
-
High
-
10.117.0
-
1
-
Severity 2 - Major
-
No
Description
Issue Summary
Epic permission is not being correctly evaluated/respected for Custom Hierarchies
If we remove all the permissions from the Epic, and only leave the view permission for it, we can't save any changes, as the save button is not present, and just when we click on Save the POST call is made to update the details.
Now, on the Custom Hierarchies, it is behaving in a different way, as once we select a value, a POST call is immediately made, saving the changes on it and ignoring the permission for that item.
Steps to Reproduce
- User is mapped to "TestRole".
- Go to Administration > Roles > Select "TestRole"
- Expand Administration -> Other Setup ->Click on Manage next to "Custom Hierarchies"
- Disable Edit option for all the Custom Hierarchies available and enable only view option
- Expand Portfolio > Epics and enable only "Epic Detail Report" option and disable all the other options
- Login to the user mapped to "TestRole"
- Go to Portfolio > Epics and open any Epic from the grid
- Save button is not visible
- Now from custom hierarchy dropdown, we are able to change the Custom hierarchy mapped to the drop-down
Expected Results
If Edit permission is not allowed for Epics, then there should not be any POST call for custom hierachies.
Actual Results
Even for Epic view permission, we are able to change the Custom Hierarchies of an Epic.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available