0012958: Add restriction of adding notes to issues of other organisations

ID	Project	Category	View Status	Date Submitted	Last Update
0012958	mantisbt	customization	public	2011-04-21 12:25	2011-09-13 22:18

Reporter	edwerk	Assigned To	vboctor
Priority	high	Severity	major	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	1.2.5

Summary	0012958: Add restriction of adding notes to issues of other organisations
Description	We are using Mantis BT and because many organisations report isues to us, we experience interactions done by employees of organisation B in an issue of organisation A, we don't appriciate in one issue. Employees of organisation B should make an seperate issue by themselves, which we can connect to each other. We like to have the follewing changes: Adding an extra table to Mantis: ‘Organisation’. This table should have the following columns: Organisation_id Organisation_name It should be possible to maintain this table from the form manage_overview_page.php In the table ‘mantis_user_table’ an extra column should be added: ‘Organisation id’ In the user maitenance screen of the users (manage_user_edit_page.php) is should be possible to select the organisation from the table 'Organisation' With this information the authorization should be restricted to the pages where additional notes can be added: When the user has an access_level <= 25 (reporter), he/she should not be able to add a note to the issues that are not issued bij a user of teh same organisation.(organisation_id of reporter of the issues = organisation_id of the user.)
Tags	No tags attached.
Attached Files	organizations.zip (41,559 bytes)

edwerk 2011-04-26 14:26 reporter ~0028695	Edit bugnote_add.php and bugnote_add_inc.php to check that either the user's access level is >= developer AND user's id.organisation is the same as the reporter's id.organisation).

edwerk 2011-05-11 06:04 reporter ~0028766	Any developper willing to build this plugin within some weeks? Financial arrangement can be made.

cas 2011-05-11 06:38 reporter ~0028768 Last edited: 2011-05-11 07:42	Eddy, I can do it but it cannot be a plugin given the impact.(yes, evene with a table for the organizations).

djcarr 2011-05-15 20:44 reporter ~0028779	Issue 0003444 adds the general concept of Roles to MantisBT and it would be able to solve this scenario.

edwerk 2011-05-16 01:37 reporter ~0028780	Indeed, that issue would give the functionality that I described above. But then the question is: is that functionality already build? What I read in that issue is that there is a well worked out idea, but not al full implementation of managing users and groups. Or am I wrong?

cas 2011-05-16 02:48 reporter ~0028781	That issue (3444) was already raised in 2003 and never really addressed by the team. Similar request has been to be able to address an issue to multiple persons (also related to group management but not addressed by 3444) which also is not on the ToDo list. Group management would indeed be beneficial (although it will not cater for all requests such as the the one from edwerk without modding) but it should be part of the core since it , if done properly, can have quite an impact. Suggestion of djcarr is an option although it leaves the original scheme as it is which may lead to confusion as to which definition takes precedence (group/user/level). And as said above, it should not be just around authorizations but also related to workflow. Even within 1.3 it is not foreseen.

cas 2011-05-19 09:40 reporter ~0028803	Attached some scripts that provide the functionality described and requested by edwerk. Please read the install notes carefully, it does involve changing standard scripts. Since he also supports the opensource community, he was happy to release these sources here. This issue can be closed.

View Issue Details

Activities