Right now the permissions usage in subresource views is weird, and for actions a user that can issue can also review an item. In the case of TimeSheetActionView it's not obvious because after checking the permissions we also check that the user is a team supervisor before we allow a review, but in the case of ResourceProjectAssignmentView there's no such check.
We need to redesign that to manage this better. In the meantime, I will add the same hacky check that we have in timesheets for assignments.
Right now the permissions usage in subresource views is weird, and for actions a user that can issue can also review an item. In the case of TimeSheetActionView it's not obvious because after checking the permissions we also check that the user is a team supervisor before we allow a review, but in the case of ResourceProjectAssignmentView there's no such check.
We need to redesign that to manage this better. In the meantime, I will add the same hacky check that we have in timesheets for assignments.