Usage rights should be based on permission "Edit Project", not on group id "PROJECT_ADMIN"

[freakalot]

Hi, we are using the plugin since a while and it works great so far. One thing which still bothers us is the problem that only sysadmins can see the slack tab in the project and therefore only they are able to configure it. Isn't there a way to make this tab with edit rights available to specific users?

[alexkvak]

Hi, this tab should be available for project admins

[freakalot]

Hi Alex, thanks for your quick response. Do you know which specific permission is responsible for this? We have set up our own roles and therefore don't use the predefined ones.

[alexkvak]

That's how it looks like in UI

Group can be created here /admin/admin.html?item=groups

[freakalot]

Ok, but I need to know which permission is responsible for this. As I said, we don't use the predefined Project administrator role but created a new one. Now I need to know which of the permissions I need to assign to our role that they can see the slack tab:

[alexkvak]

Unfortunately this check is based on role not permission com/fpd/teamcity/slack/PermissionManager.scala:54

[freakalot]

I see, but I think this is a bug, as the roles in Teamcity are just a collection of permissions and can be customized. I don't think that you should hardcode the rights to a default role. Not sure if its possible to create a new permission with a plugin, but it should either be linked to a permission, or you need to be able to overwrite the role for the plugin.

It is actually done properly in the same file in line 29:

private def isAdmin(request: Request): Boolean =
    request.exists(
      _.isPermissionGrantedGlobally(Permission.CHANGE_SERVER_SETTINGS)
    )```

[alexkvak]

AFAIK there is no way to create custom permission, you can assign to role only predefined permissions

[freakalot]

Even in this case, the correct sollution would be to check if the user has the "Edit project" permission to be able to use the slack settings. Not the name of a role.

[alexkvak]

It makes sense. And it's easy to implement.

But there is only one thing that should be carefully handled — is seems that is should be the major version change.