Status change even the user doesn't have permissions to comment without approvement

Pushing this to HEAD. These isn't a good way to solve this they way case tracker is currently setup.

I'm cleaning the module issues, so if somebody thinks that this issue does make sense yet, feel free to reopen.

Did anyone figure this out this is a huge issue for me. Anyone can change the project a case is assigned to and the case status even when they dont have permission to post a comment/comments moderated....

We still talking about Drupal 6 here? I can see the need, but will need to research best way to deploy without breaking case tracker sites? One way would be to require edit node access to change case status. Or to invent another permission?

Hi!

Sorry I dont understand your reply... after having casetracker for years and gettign ready for a kickstarter I just discovered this major issue

1) I cant make the content type not accessible to anybody... I need everyone to have accsess to it.
BUT NOT be able to change it.

2)Comments are set to moderation.... however any anonymous user is able to change case status, priority and even more dangerous change the project : (

3)It would be nice if only the person who created the case has the permission to edit the status/project/type

If you know any way that does not require additional roles to be created, or the content type to be changed (I already have thousands of cases)

I really appreciate it.

here is an example of the project management system in use at my site :

http://thecenterofthenet.com/node/60/projects

I so much appreciate any of your efforts. I think it is one of the best modules, and is really at the heart of my website.

Here is a patch that would deal with this issue. Will this approach work for you?

Wow, that looks like its great, I am going to bed now too late to try to roll it and test it out... but from looking at it, without installing it yet....

It looks as if it will still allow a broad amount of users to alter other people cases/projects.

Is it possible to add the permission

to "change any"
and "Change own"

because now all the permissions
+ 'change case project',
(Maybe add Change own projects and Change all projects)
+ 'change case priority',
(Maybe add Change own case priority and Change all case priorities)
+ 'change case status',
(Maybe add Change own case status and Change all case status)
+ 'change case type'
(Maybe add Change own case type and Change all case types)

Will allow all cases to be altered .

If you could keep those you added and add the additional Any/Own permission that would be great. As the patch stands now, if I understand it from quickly looking at it.... it will prevent anonymous users from making changes (which is great!) but there can still be chaos...

Now, I realize this is a separate issue.... In the future if you somehow where able to create the option to let case/project/priority changes to be done on a moderated bases....

For instance if a member changed the status/priority , etc, and the original case creator received notification and had to approve the changes....

That I think would be pretty cool.

That is definitely not a priority and as important as patch you have just created with any/all functionality..

However it would be a great feature if you were ever looking to expand on an already great module.

Thanks so much for your hard work.

I need to think about the any/all issue, but test this out and let me know what you think. I also noticed that the d6 version doesn't have the edit any case right... hmmm.... Will need to work on this.

Here is a different take on permissions refactoring that incorporates any and own permissions for everything except assign cases. The reason that I didn't do that is because it's a lot more complicated to implement given autocomplete, views, etc.

It needs thorough testing, which I'm hoping you can help on.

Great I am looking forward to it. I am teaching all day and will get home in about 6 hours and see how it works . Thanks for your great effort.

Great I am looking forward to it. I am teaching all day and will get home in about 6 hours and see how it works . Thanks for your great effort.

Awesome. Works great.

I was thinking, that perhaps you can have a requirement on case creation, that if a user is assigned, there could be the option on the case creation form to

-Allow assigned user to change case priority
-Allow assigned user to change case status

I can not see the need to allow the assigned user the choice to change the assigned project.

If these setting comflict with the permission to allow the user to change own status/priority only, then they should be over ridden on a case per case basis, in the situation that the case creater has assigned them to the case and granted them permission to change those options on the assigned case itself..

I think with that feature then this module would be perfect.

Perhaps one more thing....

There may be a situation that the user wants to have it be completely private... I mean in a way different than unpublished in which only they can read their own case , and perhaps the person who the case was assigned to....

And perhaps the option to assign multiple people to one case. And in the case multiple users were assigned to a case then allow users to change status/priority of the case they were assigned to would be applicable to all the users assigned.

Just some ideas for I think all possible reasonable future scenarios.

We're getting out of scope here and creeping rapidly.

You're getting rapidly beyond the point that I'm interested in supporting in complexity (especially in an aging 6.x branch), but if you desire, you could write your own form_alter hooks to adjust the permissions of the form.

Regardless, we are way beyond the bounds of the original request, and separate feature requests should be filed.

Need to start porting this to the 7.x branch.

Sorry. Your patch is great. I am just suggesting a total list of things missing. Definitely not a request, just a list as someone who has used this module for years what could be done to make it a little more usable if you were looking for input.

If you are able to add the options to allow assigned user to edit status/priority, that would be a great thing... but in no way as important as the patch you just created. Thank you so much. I will add a formal support request thread if you think it is something you might thinkl of doing. Good night and thank you.

Ported patch for the record.