Expected Behavior (or desired behavior if a feature request)
I granted usergroup HUserGroup the permissions to create assets and edit assets. They do not have permission to View Asset etc. I would expect this to mean that a user in HUserGroup can add assets into the system, but not see assets created by others.
Actual Behavior
They do not get a menu option to create assets. They also cannot create assets (Sadpanda error after clicking Save on the asset log form - I accessed it directly via the URL instead of looking for a menu). If I grant HUserGroup the permission to view assets, they can then create assets.
Please confirm you have done the following before posting your bug report:
Please provide answers to these questions before posting your bug report:
Version of Snipe-IT you're running
v3.5.2-11-g5a835a5
What OS and web server you're running Snipe-IT on
Ubuntu 16.04 LTS, Apache2.4.18, PHP 7.0.8-0ubuntu0.16.04.3, Laravel 5.2.45
What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
Manual installation
If you're getting an error in your browser, include that error
No error showing in console
What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error
As above - it's failing gracefully to the Sadpanda permission error page after submitting a new asset on /hardware/create
If a stacktrace is provided in the error, include that too.
NA
Any errors that appear in your browser's error console.
NA
Confirm whether the error is reproduceable on the demo.
It is - I set up my own installation just to test this issue, because I know that there are restrictions with permissions on the demo
Include any additional information you can find in app/storage/logs and your webserver's logs.
Not seeing any relevant errors in the server web logs. There's a long stack trace in /storage/logs/laravel.log but it doesn't look like a problem.
Include what you've done so far in the installation, and if you got any error messages along the way.
Vanilla build on a fresh LAMP stack on a Linode server. All I've done is add some custom fields, a custom fieldset, and a couple of manufacturers.
Indicate whether or not you've manually edited any data directly in the database
No
The assumption is that if a user can add an asset, they can see assets. (Otherwise, they can't even see the ones they created.) This is working as expected in your scenario.
Expected Behavior (or desired behavior if a feature request)
I granted usergroup HUserGroup the permissions to create assets and edit assets. They do not have permission to View Asset etc. I would expect this to mean that a user in HUserGroup can add assets into the system, but not see assets created by others.
Actual Behavior
They do not get a menu option to create assets. They also cannot create assets (Sadpanda error after clicking Save on the asset log form - I accessed it directly via the URL instead of looking for a menu). If I grant HUserGroup the permission to view assets, they can then create assets.
Please confirm you have done the following before posting your bug report:
Please provide answers to these questions before posting your bug report:
app/storage/logs
and your webserver's logs. Not seeing any relevant errors in the server web logs. There's a long stack trace in /storage/logs/laravel.log but it doesn't look like a problem.