- Used Zammad version: 6.3.1-1715932826.48881ba1.sles15
- Used Zammad installation type: package
- Operating system: SUSE Linux Enterprise Server 15 SP5
- Browser + version: Firefox 126.0
Expected behavior:
- Our Zammad installation is used by several departments. Each department is not allowed to read contents of other departments. So every department owns a single knowledge base category without reading permission for the other department.
Agents can create and edit answers in their own department’s category.
Actual behavior:
The top layer only grants reading-rights to agents and the individual department’s categories are given editing permissions to the corresponding role. But as an agent, I can only edit existing answers and am not authorized to create new answers/categories (error message). If there is a sub-category, agents seem to be allowed to create new answers in there.
This seems to be a bug because the agents have the rights to edit, but are not authorized to create new entries.
Steps to reproduce the behavior:
1 and 2: The first layer knowledge base grants each department reader permissions (only admins are allowed to edit the top)
3: In the category Team 1, only Team 1 has editor rights.
4: View as a user of Team 1: cannot edit top layer, only sees his own category (which is right)
5: User of Team 1 can edit his own category
6: gets an error message while trying to create a new answer or category.
In the log:
I, [2024-05-22T13:15:37.423537#2605-1816500] INFO -- : Parameters: {"parent_id"=>"4", "category_icon"=>"f115", "translations_attributes"=>[{"title"=>"test", "kb_locale_id"=>1, "content_attributes"=>{"body"=>"[FILTERED]"}}], "full"=>"true", "knowledge_base_id"=>"1"}
I, [2024-05-22T13:15:37.433692#2605-1816500] INFO -- : not allowed to create? this KnowledgeBase::CategoriesController (Pundit::NotAuthorizedError)
app/controllers/application_controller/authorizes.rb:10:in `authorize!'
app/controllers/application_controller/authenticates.rb:143:in `authenticate_and_authorize!'
I, [2024-05-22T13:15:37.434125#2605-1816500] INFO -- : Not authorized (Exceptions::Forbidden)
7: So I, as an admin, created a new subcategory "New Category" in Team 1 with those permissions.
8: As a user of Team 1, I can create new answers in the new sub-category.
To recap, agents can only edit existing knowledge base entries of their category and cannot create new ones.
Or could there be a connection/error with the fact that I have updated to the latest version?