(without changing our permissions for each type of user)

out of curiosity what new relationship would you create?

Are you referring to the customisation possible via methods described at http://www.mantisbt.org/wiki/doku.php/mantisbt:customizing_relationships

Or are you after access thresholds to set which users can add and or delete relationships between issues?

I´m referring to access thresholds to set which users can add and or delete relationships between issues

[1.2.0rc2] relationship_api.php line 828
[1.2.0rc2] bug_relationship_add.php line 38
It checks if user has the UPDATER status.

It would be nice to have the configurable access, e.g. I tweaked for my needs:
Add relationship: REPORTER
Delete relationship: UPDATER (left bug_relationship_delete.php unchanged).

I couldn't reproduce the tweaks. I couldn't make them work.

Could you add diff files for version 1.2.0 ?

Sorry, I'm not familiar with diffs.

I mean there are two access checks to be passed when adding the relationship:
[1.2.0rc2] relationship_api.php line 828
if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {

[1.2.0rc2] bug_relationship_add.php line 38
access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_src_bug_id );

As you can see, the access level is managed with config option
$g_update_bug_threshold = UPDATER;

So if you don't want to keep relationships tied with 'update bug' routine, you have to change (I've changed it to REPORTER here):

[1.2.0rc2] bug_relationship_add.php line 38
// access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_src_bug_id );
access_ensure_bug_level( config_get( 'report_bug_threshold' ), $f_src_bug_id );

[1.2.0rc2] relationship_api.php line 828
// if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {
if( access_has_bug_level( config_get( 'report_bug_threshold' ), $p_bug_id ) ) {

You may also change bug_relationship_delete.php (line 42), but I dont think its the good idea.

Ok, I will try your tweaks and I will inform you.

I think it should be a new threshold to manage add/delete relationships for the next stable release, independient of update_bug_threshold and report_bug_threshold.

(for example I need only DEVELOPERs can add relationships, not REPORTERs, but I need DEVELOPERs can't update bugs)

Then (I didn't try but it has to be working) you can try not threshold but certain level, for example:

[1.2.0rc2] bug_relationship_add.php line 38
// access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_src_bug_id );
access_ensure_bug_level( DEVELOPER, $f_src_bug_id );

[1.2.0rc2] relationship_api.php line 828
// if( access_has_bug_level( config_get( 'update_bug_threshold' ), $p_bug_id ) ) {
if( access_has_bug_level( DEVELOPER, $p_bug_id ) ) {

Ok, I will try your tweaks and I will inform you.

This capability should be a threshold, such as $g_delete_relationship_threshold = UPDATER and $g_add_relationship_threshold = REPORTER or similar.

Today Relationships are linked to right 'Update an issue'.
Sometimes QA are quite smart to find related issues, like product features, regression things etc. However they can't link anything because section Relationships is protected to read-only and linked to right 'Update an issue'.

In the same time, 'Update an issue' for Developers isn't a good practice, because in this case Developer may silently update original issue with absolutely irrelated data with breaking QA processes. Removing this right from Developer breaks ability to change relationships.

So I suggest adding right 'Change relationships' to page Workflow Threshold with ability to manage things on administrator level.