openpsa
openpsa copied to clipboard
Task status change checks should be ACL-based
Reported by flack on 13 Jul 1935 16:25 UTC Right now, only a task's manager can do certain task status changes, making the workflow quite inflexible, especially since some steps can't be skipped. OTOH, anybody with update privileges can just modify the task to enter themselves as manager, so it isn't even a security feature.
So this should be replaced by a component privilege (which could be given to the task's manager by default)
Migrated-From: http://trac.openpsa2.org/ticket/108