mgorsk1
commented
2 days ago update on this - I think the issue might also be a discrepancy between how UI and Backend resolve permissions:
- UI: with exemplary policy mentioned in the original issue applied, I have 'edit test' and 'delete test' buttons inactive in UI (for all tests, both owned and not owned)
- Backend: with exemplary policy mentioned in the original issue applied, when making requests against API directly (
curl -XDELETE http://localhost:8585/api/v1/dataQuality/testCases/name/xyz) the policy works fine (I am denied /403/ when deleting tests I do not own but requests to delete tests that I am /inherited/ owner of, it works).
cc @TeddyCr
Is your feature request related to a problem? Please describe. I want to create a policy that would enable prohibiting any changes to tests cases (and incidents regarding these test cases) to be done by test case owner.
Describe the solution you'd like Since test case already has an owner, I would like to be able to create policy that allows management of test cases and incidents based on test case ownership. Namely, this is the policy with set of rules I have now defined:
and I would like it to work in such way that:
Currently, such policy doesn't work and I get permission denied (user xyz doesn't have EditTests permission) when reassigning the incident linked to the test case owned by me (it works if i remove
"condition": "isOwner()"part).Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.
Additional context Add any other context or screenshots about the feature request here.