-
Bug
-
Resolution: Duplicate
-
Low
-
None
-
1
-
Minor
-
Issue Summary
This bug is related to custom project roles on team-managed projects.
Whenever we create a new project role, if we associate the create issue permission to that custom role, it also allows the user to edit issues after the project creation.
Steps to Reproduce
- Create a team-managed project.
- Create a custom role.
- Associate the project permission "create issue" to that custom project role.
- Associate a user to that role and make sure that the user does not have any other project permission except for the "create issue" granted by the custom project role.
- Impersonate the user.
- Create a new issue inside the project that we created in step 1.
- Open the issue, you will be able to edit it, even without the project permission Edit issue.
Expected Results
Based on the description that we have for the project issue Create issue, it should allow the user to create a new issue, but not to edit that issue after its creation.
Actual Results
The project permission Create issue is also allowing the user to edit the project issues.
Workaround
None
- duplicates
-
JRACLOUD-83158 Adding user to private team-managed project automatically allows them to view all unrestricted issues - causes confusion
- Closed