Details
-
Suggestion
-
Resolution: Unresolved
-
15
-
21
-
Description
In Team-managed projects with Open access, currently, users are allowed to restrict issues to the roles that they are not associated with.
Steps to Reproduce the issue:
- Create a Nextgen project with Open access
- The user that creates the project will have Administrator access, do not grant member/viewer access
- Log in as a user with Administrator access, create an issue and restrict the issue to a Member or Viewer role. Users will be allowed to restrict the issue to a role that they are not a part of.
- Log in as a user that is not associated with any role, create an issue, and restrict access to Administrator/Member/Viewer. Users will be allowed to set issue security to the access level that they do not belong to.
The feature to Restrict Issue is such that you can restrict it to any available role. However, to make sure that the users don’t lock themselves from the issue, we can see the YOU on the right for the roles that the current user is part of.
If the user is not a part of that Role, the below warning will be displayed in order to alert the user:
Suggestion:
Restricting the issue to a role that the user doesn't belong to will lock themselves from the issue. In a scenario where the Project Lead (Administrator) is also not associated with Member or Viewer might end up losing access to the issues without any clue.
It would be nice if the users are not allowed to restrict issues to the roles they do not belong to.