Change permissions to set epic of an issue
requested to merge 208425-user-without-parent-group-permission-cannot-assign-epic-to-issue into master
What does this MR do?
To be able to assign an issue to its project's parent group epic, like discussed in #208425 (closed), we need to modify the permissions check as follows:
From
- The user has the ability to
admin_epic
To
- The user has the ability to
admin_issue(IOWm at least areporterrole in the project) - The user has the ability to
read_epic(IOW, at least aguestrole in the group as well as having theepicsfeature enabled for the group)
This MR changes permission checks in:
Issue#can_assign_epic?Mutations::Issues::SetEpic#authorize_read_rights!EE::Issues::BaseService#epic_paramEpicIssues::CreateService#linkable_issuablesEpicIssues::DestroyService#permission_to_remove_relation?-
API::EpicIssues- PUT
:id/(-/)epics/:epic_iid/issues/:epic_issue_id - POST
:id/(-/)epics/:epic_iid/issues/:issue_id - DELETE
:id/(-/)epics/:epic_iid/issues/:epic_issue_id
- PUT
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) -
I have tested this MR in all supported browsers, or it's not needed. -
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Related to #208425 (closed)
Edited by Eugenia Grieff