@ruodeng ruodeng commented Dec 22, 2025

Description

This PR refines the "Executor" role permissions by splitting the broad enableexecutorfeatures configuration into two granular flags. This provides administrators with finer control over what "Read-only" users can do within the system.

💡 Motivation

Previously, enableexecutorfeatures bundled several distinct permissions (commenting, editing assigned tasks, and creating tasks). This led to an "all-or-nothing" approach which was often too permissive.

This change allows decoupling these capabilities:

  • Granular Control: Admins can now allow commenting without allowing task editing, or vice-versa.
  • Security & Logic: It removes the implicit ability for "Read" users to create tasks, ensuring task creation is strictly reserved for users with Write permissions or higher, aligning with standard RBAC (Role-Based Access Control) expectations.

🛠 Changes

Backend:

  • Config: Deprecated service.enableexecutorfeatures. Added service.enablereadercomments and service.enableassigneeedit.
  • API: Updated /info endpoint to expose ReaderCommentsEnabled and AssigneeEditEnabled.
  • Models/Permissions:
    • TaskComment.CanCreate: Now toggled by ServiceEnableReaderComments.
    • Task.CanUpdate: Now toggled by ServiceEnableAssigneeEdit.
    • Task.CanCreate: Removed the legacy logic that allowed "Read" users to create tasks.

Frontend:

  • Store: Updated config store to support the new granular flags.
  • Views:
    • TaskDetailView.vue: Updated canComment and canWrite logic to check the new flags and verify if the user is the assignee/creator.
    • UI Cleanup: Reverted broad "write" checks in ProjectList and ProjectKanban to hide creation UI elements (like "Add Task" buttons) from users with only Read access.

⚙️ Configuration

The following settings are now available in config.yml:

service:
  # Allows users with Read access to comment on tasks
  enablereadercomments: true 
  # Allows users with Read access to edit tasks IF they are the assignee or creator
  enableassigneeedit: true

Splits the original enableexecutorfeatures flag into enablereadercomments and enableassigneeedit settings for granular control. This change includes all backend and frontend modifications to support commenting and task editing for read-only users.
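
The permission rules listed in this description, modelled as a small Go decision function; this is an added example, not code from the PR or the project. The `Permission`, `Config` and `Actor` types and the three function names are hypothetical, and denying users with no project access regardless of the flags is an assumption.

```go
package main

import "fmt"

// Permission is a user's level on a project, lowest first (names are assumed).
type Permission int

const (
	PermNone Permission = iota
	PermRead
	PermWrite
	PermAdmin
)

// Config models the two flags; the zero value denies both reader extras.
type Config struct {
	EnableReaderComments bool // service.enablereadercomments
	EnableAssigneeEdit   bool // service.enableassigneeedit
}

// Actor is the requesting user's relation to one task (hypothetical type).
type Actor struct {
	Perm                  Permission
	IsAssignee, IsCreator bool
}

// CanCreateTask: no flag lowers the bar, creation always needs Write or higher.
func CanCreateTask(_ Config, a Actor) bool { return a.Perm >= PermWrite }

// CanComment: Write or higher always; Read only when the flag is on.
func CanComment(c Config, a Actor) bool {
	return a.Perm >= PermWrite || (a.Perm == PermRead && c.EnableReaderComments)
}

// CanUpdateTask: Write or higher always; Read only when the flag is on AND
// the user is the task's assignee or creator.
func CanUpdateTask(c Config, a Actor) bool {
	if a.Perm >= PermWrite {
		return true
	}
	return a.Perm == PermRead && c.EnableAssigneeEdit && (a.IsAssignee || a.IsCreator)
}

func main() {
	cfg := Config{EnableReaderComments: true} // comments on, assignee edit off
	reader := Actor{Perm: PermRead, IsAssignee: true}
	fmt.Println(CanComment(cfg, reader), CanUpdateTask(cfg, reader), CanCreateTask(cfg, reader))
}
```
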
@kolaente
Member

But there is no "Executor" role?
