Skip to content

bug(scope): auditor role can create project #355

New issue
New issue
Open
Open
bug(scope): auditor role can create project#355
Labels
bugSomething isn't working
@TheTipsyKorrigan

Description

@TheTipsyKorrigan
TheTipsyKorrigan
opened on Jan 21, 2026

Current Behavior

Hello,

At the first look, users with auditor role have read only access to the projects they are assigned to.

However, they are able to create new projects. Of course, they can not access to these projects because they are not assigned to them.
Additionally, the button delete project is available but deletion attempts returned an error.

Expected Behavior

The users with auditor role should not be able to create project.
They should not see the button delete project.

Steps To Reproduce

Scenario: Create project

  1. Create a user, assign the role auditor and a project.
  2. Authenticate with the auditor user
  3. On the top of the screen, next to the field search, click the menu "Projects" and then "Create New Project"
  4. Enter the project name and click "Create Project"
    Actual result: project is created

Scenario: Delete project

  1. Create a user, assign the role auditor and a project.
  2. Authenticate with the auditor user
  3. Go to Projects list "/project/list"
  4. For each line deletion action is available

Environment

- reNgine: 2.2.1
- Python: 3
- Docker Engine: 25.0.8
- Browser: Firefox

Anything else?

No response

Acknowledgements

  • This issue is not a duplicate of an existing bug report.
  • I have chosen an appropriate title.
  • All requested information has been provided properly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions