diff --git a/CHANGELOG b/CHANGELOG
index 04625b01d616efef4d6c654309e66bdd19088814..154f498efcb581598adfda6a1a50a4c050237b63 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -25,6 +25,7 @@ v 7.13.0 (unreleased)
- Explicit error when commit not found in the CI
- Improve performance for issue and merge request pages
- Users with guest access level can not set assignee, labels or milestones for issue and merge request
+ - Reporter role can manage issue tracker now: edit any issue, set assignee or milestone and manage labels
v 7.12.0
- Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
diff --git a/Gemfile b/Gemfile
index eb3917872f5496953ca8f181603aebcd1fba48d6..ec63c7eef8411a36f4df5fa17131f4e1a90c269d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem "default_value_for", "~> 3.0.0"
gem "mysql2", group: :mysql
gem "pg", group: :postgres
-# Auth
+# Authentication libraries
gem "devise", '3.2.4'
gem "devise-async", '0.9.0'
gem 'omniauth', "~> 1.2.2"
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 3ee3a7857ee11dc27a89954f5f439ce0132398f9..d3631d49ec6d71dcc6c3d1e18c3fec332e0ef816 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -155,7 +155,10 @@ class Ability
project_guest_rules + [
:download_code,
:fork_project,
- :create_project_snippet
+ :create_project_snippet,
+ :update_issue,
+ :admin_issue,
+ :admin_label,
]
end
@@ -163,9 +166,6 @@ class Ability
project_report_rules + [
:create_merge_request,
:create_wiki,
- :update_issue,
- :admin_issue,
- :admin_label,
:push_code
]
end
diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md
index 8cfa7f9c876f35bd3c739dc9d518a2ad05ae42b1..70b7e17795dadd7daaf244e0ad264833c9449210 100644
--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -15,6 +15,8 @@ If a user is a GitLab administrator they receive all permissions.
| Pull project code | | ✓ | ✓ | ✓ | ✓ |
| Download project | | ✓ | ✓ | ✓ | ✓ |
| Create code snippets | | ✓ | ✓ | ✓ | ✓ |
+| Manage issue tracker | | ✓ | ✓ | ✓ | ✓ |
+| Manage labels | | ✓ | ✓ | ✓ | ✓ |
| Create new merge request | | | ✓ | ✓ | ✓ |
| Create new branches | | | ✓ | ✓ | ✓ |
| Push to non-protected branches | | | ✓ | ✓ | ✓ |
@@ -22,8 +24,6 @@ If a user is a GitLab administrator they receive all permissions.
| Remove non-protected branches | | | ✓ | ✓ | ✓ |
| Add tags | | | ✓ | ✓ | ✓ |
| Write a wiki | | | ✓ | ✓ | ✓ |
-| Manage issue tracker | | | ✓ | ✓ | ✓ |
-| Manage labels | | | ✓ | ✓ | ✓ |
| Create new milestones | | | | ✓ | ✓ |
| Add new team members | | | | ✓ | ✓ |
| Push to protected branches | | | | ✓ | ✓ |
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
index 8d1bfd2522337eef7eff0a7f7baf9b88755e8ff0..4649e58cb1a26903facef125ebb032a75e1ccd1b 100644
--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -138,6 +138,18 @@ describe "Internal Project Access", feature: true do
it { is_expected.to be_denied_for :visitor }
end
+ describe "GET /:project_path/issues/:id/edit" do
+ let(:issue) { create(:issue, project: project) }
+ subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+
+ it { is_expected.to be_allowed_for master }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
describe "GET /:project_path/snippets" do
subject { namespace_project_snippets_path(project.namespace, project) }
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 9021ff331868772b533d7485235fd786e1d3ecb7..2866bf0355bf8a3627ceab121f989b09e7ee682f 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -138,6 +138,18 @@ describe "Private Project Access", feature: true do
it { is_expected.to be_denied_for :visitor }
end
+ describe "GET /:project_path/issues/:id/edit" do
+ let(:issue) { create(:issue, project: project) }
+ subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+
+ it { is_expected.to be_allowed_for master }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
describe "GET /:project_path/snippets" do
subject { namespace_project_snippets_path(project.namespace, project) }
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 6ec190ed777e81a323a5c966777eecae8ad991b1..554c96bcdc538b9e4e045e0fce255c21285ed3c1 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -143,6 +143,18 @@ describe "Public Project Access", feature: true do
it { is_expected.to be_allowed_for :visitor }
end
+ describe "GET /:project_path/issues/:id/edit" do
+ let(:issue) { create(:issue, project: project) }
+ subject { edit_namespace_project_issue_path(project.namespace, project, issue) }
+
+ it { is_expected.to be_allowed_for master }
+ it { is_expected.to be_allowed_for reporter }
+ it { is_expected.to be_allowed_for :admin }
+ it { is_expected.to be_denied_for guest }
+ it { is_expected.to be_denied_for :user }
+ it { is_expected.to be_denied_for :visitor }
+ end
+
describe "GET /:project_path/snippets" do
subject { namespace_project_snippets_path(project.namespace, project) }