Redmine Groups API is restricted to admin users

[24367dfa]

Checking for the API-Tokens users groups returns an empty list unless the current user has Admin rights on the corresponding Redmine server.

RedmineActionablesCollector/app.py

Line 148 in 1c2e022

for group in rm_user.groups:

Redmine API docs: https://www.redmine.org/projects/redmine/wiki/Rest_Groups

The only solution for that problem i can think of is putting a valid api token with admin rights into the deployment. This is obviously not a good one.

[penguineer]

I believe that is a problem that needs to be solved on the Redmine side. :(

There is no API key in the deployment. The tool works with a key that is provided by the caller and otherwise configuration- and state-less.

[penguineer]

I've put that as "help wanted" - but the help must be applied to Redmine or another method for accessing the groups be found.

[24367dfa]

I still think that limitation should be commented in the code or in somewhere else in the interface. Otherwise users of the service won't notice issues that are assigned to their groups. Especially when exclusively using this service to interact with the issue tracker.

[penguineer]

I'm still thinking how to do this.

The RedmineActionablesCollector is tied to Redmine, obviously. But the result is not and the only reference to Redmine is the URI field in the header.

I might add a comment (or even warning?) saying that groups are broken for Redmine, other than that a Redmine-specific effect on the Result would break the API.

[penguineer]

First step on the Redmine side: https://www.redmine.org/issues/12795

[penguineer]

This problem is partially solved in https://github.com/penguineer/RedmineActionablesCollector/releases/tag/v0.2.0 and https://github.com/penguineer/ActionablesWeb/releases/tag/v0.3.0

For a complete solution changes to the Redmine API are necessary.