Skip to content

Update epic relations permissions to match issues

With Group minimum role should be Guest for epic rel... (&9232 - closed) we updated permissions to require guest access for all epic relations but there are now some inconsistencies between epics and issues.

Due to the differences in permission checks between projects and groups, a non-member has guest access to a project if the project is public, but the same doesn't apply to a public group.

For a public group, a guest role is required to have guest access to it.

We could fix this by changing the epic's requirements to match the guest access of the issue, which would be more lenient but consistent.

previous description

In order to achieve this we should perform the following checks:

  • Epic-Epic (vertical)
    • Can read both groups and epics?
      • Minimum: Public group -> signed in non-member / Private group -> guest role / Confidential epic -> reporter role (*)
    • Both epics groups have the related_epics feature enabled?
      • Ultimate license
  • Epic-Epic (horizontal)
    • Can read both epics?
      • Minimum: same as (*)
    • Both epics groups have subepics feature enabled?
      • Ultimate license
  • Epic-Issue (vertical)
    • Can read the project and the issue?
      • Minimum: Public project -> signed in non-member / Private project -> guest role / Confidential issue -> reporter role
    • Can read the group and the epic?
      • Minimum: same as (*)

It's worth considering the epic migrations to work items and their hierarchy permissions to decide on these changes. Re: #382512 (closed)

Updated description

Here are the tables with agreed permissions for the different link permissions

Icon Requirement
🔵 Can read the item: Non-member for public group/project. Guest for private group/project
🔶 Guest for public and private group/project
🔴 Resporter for public and private group/project

Related Links

Relationship Action Current Expected
epic <-> epic create and remove source 🔶 - target 🔶 source 🔵 - target 🔶 OR source 🔶 - target 🔵
issue <-> issue create and remove source 🔴 target 🔴 source 🔵 - target 🔶 OR source 🔶 - target 🔵
work item <-> work item create and remove source 🔶 target 🔶 source 🔵 - target 🔶 OR source 🔶 - target 🔵

Hierarchy Links

Relationship Action Current Expected
epic -> epic create and remove child 🔶 - parent 🔶 child 🔶 - parent 🔵
epic -> issue create and remove child 🔵 - parent 🔶 child 🔶 - parent 🔵
work item -> work item create and remove child 🔴 - parent 🔴 child 🔶 - parent 🔵
Edited by Eugenia Grieff