Use access rights to control who can view and edit tags

[ilpssun]

For our use-case, it would be great to have access rights that allow to specify whether a specific role can

• view tags
• edit tags

This way, we could allow developers to edit tags and all signed-in users to view tags, while anonymous users for example can’t see tags.

[danielvijge]

Added pull request #168 that adds the functionality to have edit permissions per role. Every role can view tags. Note sure if there is a use case to hide the tag list per role. If the role can see the issue, they can see the tags. That would be the same as hiding the title/description/etc of an issue per role, which is not default functionality.

[ilpssun]

@danielvijge Thanks for the development. I'm already keen on trying it out :-)

Regarding the use-case for "no viewing permission" for tags: To me this is the same as the access control for all kinds of fields of an issue. For example, we have some custom fields (like affected component) on the issue that are only visible to developers and also some standard fields (like estimated effort) that are not visible to just anyone. The way we use tags is that they are for the development team and they can contain info that is not appropriate for the general audience. That was my original reason for specifying both read and write permissions.

[danielvijge]

That would require a bit of more work:

• Add two new permissions
• Hide the tags when viewing an issue. This is very easy to do
• Hide the tags in the sidebar, also easy to do
• Hide the tags for wiki, also easy to do
• Hide the tag search option when filtering for issues, or make sure the dropdown is empty. Emptying the list is quite easy, but nicest is to hide the tag filter option altogether. This is a little harder. If so, it should also hide the option when tags are not enabled for a project
• Make sure the tags are not exposed using the JSON feed. Not sure yet.
• Hide the tag changes in the journal. Not sure how this can be done, or how easy it is.

[ilpssun]

Having control about who can edit tags would be a great step forward for us already. When can we expect the feature to appear in the releases?

[danielvijge]

See my comment at #168 (comment). There is a working implementation. It needs to be reviewed and tested, and a unit test needs to be written before it can be included in the main release. At the moment I don't have much time, so any help with that would be appreciated.