Task #2002
closed
Managers of contracts ended in the past shouldn't be able to change roles for currect contract
Added by Tomáš Doischer over 4 years ago.
Updated almost 4 years ago.
Description
The situation is as follows:
- a user has a contract C and a manager A
- contract C ends and a new contract D is created for the user
- problem: manager A still can change roles for the contract D and approve role requests on contract D eventhough he is not the manager of the contract D
This is an issue closely related to the one in #1146 but probably easier to fix (maybe ended contracts will not have a manager).
Just to add, we do want a manager of contract valid in future to be able to change roles of the contract.
- Assignee changed from Radek Tomiška to Tomáš Doischer
UC: When new contract D is not created, then no manager can edit this identity. This is the reason, why are evaluators for subordinates designed this way (contract state is ignored for subordinates).
Are you sure about this requirement?
- Parent task deleted (
#1146)
- Related to Feature #1146: Managers should change roles only for the contracts, for which they are managers added
- Assignee changed from Tomáš Doischer to Radek Tomiška
After the discussion on Slack, we arrived at the conclusion that we do need the manager of an ended contract to manully edit the user. So we would like it to work like this:
A manager of a contract ended in the past
- CAN edit the identity
- CANNOT approve its role requests (no tasks should be created for the manager)
Can you please implement this?
- Assignee changed from Radek Tomiška to Vladimír Kotýnek
We didn't finish a discussion for this requirement, the last question remains open:
Do we need to the manager of an ended contract can edit the user?
Could you please confirm this requirement coming from your project only?
- Related to Task #2204: Authorization policies: Add permission to identity by contract (transitively) added
- Status changed from New to In Progress
- Assignee changed from Vladimír Kotýnek to Radek Tomiška
- Target version set to 10.3.0
We have consensus to implement this feature as original requirement says, so ended contract will not have a manager.
Summary: A manager of a contract ended in the past
- CANNOT edit the identity
- CANNOT approve its role requests (no tasks should be created for the manager)
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 50
As we consulted on friday - we need all variants, because managers of invalid contract have to be provisioned.
So all changes above have to be refactored and new filter has to be created and used in requests and security.
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 50 to 90
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review and test. Manager cannot change roles for expired subordinate's contract now. If a contract is future valid, then assigned roles can be modified by manager.
Thnaks for this feature.
- Status changed from Resolved to Closed
- Related to Task #3129: The EavCodeContractByManagerFilter returns subordinates from expired contracts added
Also available in: Atom
PDF