[JRASERVER-21857] Workflow Transition is visible/executable to user if the issue/user has met the condition for the workflow transition in a "Read Only" project

Type: Bug
Resolution: Unresolved
Priority: Low (View bug fix roadmap)
Fix Version/s: None
Affects Version/s: 3.13.5, 4.0, 4.0.2, 4.1, 4.1.1
Component/s: Administration - Workflows, Project Administration - Permissions
Labels:
- affects-server

Introduced in Version:
3.13
Symptom Severity:
Severity 3 - Minor
UIS:
0
Bug Fix Policy:
View Atlassian Server bug fix policy

After setting a project as a Read-Only project, user will be able to execute Workflow Transition that the user or the issue has met.

This is reproduceable in JIRA 3.13.5, JIRA 4.0, JIRA 4.0.2, JIRA 4.1, JIRA 4.1.1. Here are the steps to reproduce this and as an example, the "Only Assignee will be able to execute this transition" Permission Condition is used:

create a new project
create a new workflow that has Transition's Condition:"Only Assignee will be able to execute this transition". Or used the default JIRA workflow called "jira".
create an issue in the project and assigned it to a user
create a new Permission Scheme that only has "Browse Project" permission is granted to users. Other permissions are empty.
associate the project with the new Permission Scheme created in step 4.
login as the user that has issue assigned to him. The user are be able to execute the transition that has "Only Assignee will be able to execute this transition". If the project using the Default JIRA workflow called jira, the Assignee will be able see "Start Progress" or "Stop Progress".

This problem still occurred even if no user is associated with any Project Roles in the project.

relates to

JRASERVER-32601 Edit permission should also apply to workflow transitions

Closed

SET Analytics Bot made changes - 20/Feb/2024 2:25 AM

UIS

Original: 1

New: 0

SET Analytics Bot made changes - 05/Nov/2021 2:38 AM

UIS

Original: 0

New: 1

SET Analytics Bot made changes - 24/Sep/2021 2:19 AM

UIS

Original: 1

New: 0

SET Analytics Bot made changes - 21/Apr/2019 12:26 AM

UIS

New: 1

Bugfix Automation Bot made changes - 27/Mar/2019 11:59 PM

Minimum Version

New: 3.13

Owen made changes - 16/Oct/2018 12:47 AM

Workflow

Original: JAC Bug Workflow v2 [ 2844708 ]

New: JAC Bug Workflow v3 [ 2918269 ]

Owen made changes - 25/Sep/2018 5:10 AM

Symptom Severity

Original: Minor [ 14432 ]

New: Severity 3 - Minor [ 15832 ]

Owen made changes - 25/Sep/2018 12:39 AM

Workflow	Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2582968 ]	New: JAC Bug Workflow v2 [ 2844708 ]
Status	Original: Verified [ 10005 ]	New: Gathering Impact [ 12072 ]

Ignat (Inactive) made changes - 01/Feb/2018 2:28 PM

Workflow

Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1540951 ]

New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2582968 ]

Confluence Escalation Bot (Inactive) made changes - 17/Feb/2017 6:17 AM

Labels

New: affects-server

Assignee:: Unassigned

Reporter:: Janet Albion (Inactive)

Affected customers:: 5 This affects my team

Watchers:: 4 Start watching this issue

Created:: 26/Jul/2010 6:32 AM

Updated:: 20/Feb/2024 2:25 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates