Content
View differences
Updated by Mir Bhatia 9 months ago
### Steps to reproduce
**Common steps:**
1. Be a non admin user
2. Have two projects
1. "Project read only": The user is member in here but does not have the "Manage work package relations" permission
2. "Project writable": The user is member with the permission "Manage work package relations" permission
3. Have two work packages one in each project
1. "Work package read only"
2. "Work package writable"
4. Go to the writable ticket "Work package writable"
**Create case:**
1.
5. Go to the relations tab and open the modal to create a new "Blocks" permission (Also possible for other relations)
2. 6. Insert "Work package read only"
3. 7. Click "Add"
**Update case (If there already is an existing relation):**
1. Go to the relations tab and click on the three dots menu for the relation to the read only WP
2. Click "Edit relation"
3. Update the description
4. Click "Save"
**Delete case (If there already is an existing relation):**
1. Go to the relations tab and click on the three dots menu for the relation to the read only WP
2. Click "Delete relation"
### What is the buggy behavior?
**Create case:**
* The relation is created.
**Update case (If there already is an existing relation):**
* The relation is updated.
**Delete case (If there already is an existing relation):**
* The relation is deleted.
### What is the expected behavior?
**Common:**
* We enforce enfore symmetry; the user needs write permission on both work packages in order to be able to create the relation.
**Create case:**
* Relations with read-only permissions are still visible in the results. However, selecting one throws throw an in-line error below the field with text:
* "The selected work package is read-only and cannot be added as a relation."
**Update case (If there already is an existing relation):**
* "This relation cannot be updated because the related work package is read-only."
**Delete case (If there already is an existing relation):**
* "This relation cannot be deleted because the related work package is read-only."
<br>
### Screenshots and other files
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/314824/content">
### Technical notes
This is possible because the `relations/base_contract.rb` only checks the `model.from` work package for the permission.
**Common steps:**
1. Be a non admin user
2. Have two projects
1. "Project read only": The user is member in here but does not have the "Manage work package relations" permission
2. "Project writable": The user is member with the permission "Manage work package relations" permission
3. Have two work packages one in each project
1. "Work package read only"
2. "Work package writable"
4. Go to the writable ticket "Work package writable"
**Create case:**
1.
5.
2.
3.
**Update case (If there already is an existing relation):**
1. Go to the relations tab and click on the three dots menu for the relation to the read only WP
2. Click "Edit relation"
3. Update the description
4. Click "Save"
**Delete case (If there already is an existing relation):**
1. Go to the relations tab and click on the three dots menu for the relation to the read only WP
2. Click "Delete relation"
### What is the buggy behavior?
**Create case:**
* The relation is created.
**Update case (If there already is an existing relation):**
* The relation is updated.
**Delete case (If there already is an existing relation):**
* The relation is deleted.
### What is the expected behavior?
**Common:**
* We enforce
**Create case:**
* "The selected work package is read-only and cannot be added as a relation."
**Update case (If there already is an existing relation):**
* "This relation cannot be updated because the related work package is read-only."
**Delete case (If there already is an existing relation):**
* "This relation cannot be deleted because the related work package is read-only."
<br>
### Screenshots and other files
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/314824/content">
### Technical notes
This is possible because the `relations/base_contract.rb` only checks the `model.from` work package for the permission.