set_owner and permissions attributes do not grant permissions
|Reported by:||csalgau||Owned by:|
Given something intuitive like
reassign.operations = set_owner reassign.set_owner = TICKET_APPEND reassign.permissions = TICKET_APPEND
a user is able to see the the proper user list and preview, but will actually receive
Warning: No permission to change ticket fields.
without TICKET_CHGPROP, which is not desirable in some environments.
reassign.set_owner will allow users to write a username, but still fail.
Also, with the new
action.permissions feels redundant. I believe integrating
action.set_owner into the legacy attribute and adding an
action.restrict_user to enforce the drop-down would be a better choice (in that some environments may have very large user groups and would prefer the group/permission restrictions without the visible list) and could be done with no compatibility issues for 1.2.x.