workflow multi-permissions work incorrect
|Reported by:||Owned by:|
I using default workflow handler: ConfigurableTicketWorkflow, and I setting 2 permissions for some actions, like:
accept = assigned -> accepted accept.operations = set_owner_to_self accept.permissions = TICKET_MODIFY,MY_CUSTOM_ACTION
I think the user who has both TICKET_MODIFY and MY_CUSTOM_ACTION permissions can take action 'accept', but it's not. And I read the code, I found it's not 'AND' for multi-permissions, but 'OR':
def _is_action_allowed(self, ticket_perm, required_perms): if not required_perms: return True for permission in required_perms: if permission in ticket_perm: return True return False
Is it a bug? or you design that: if the user just has one of 'accept.permissions', he can do the action 'accept'?