From 08fab3ac55d12df0304b61232db3d547561b1bc0 Mon Sep 17 00:00:00 2001
From: Jan Sandbrink <j.sandbrink@openproject.com>
Date: Thu, 21 May 2026 09:21:25 +0200
Subject: [PATCH] Add comment to guide developers

The exception is already intended to nudge devs towards defining a permission.
However, first time developers might not realize in which way permissions are defined,
even though they can see the location where the exception was raised.

This comment is intended to help them find their way.
---
 app/services/authorization.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/services/authorization.rb b/app/services/authorization.rb
index 0aafb9acb30..95d73cef537 100644
--- a/app/services/authorization.rb
+++ b/app/services/authorization.rb
@@ -85,6 +85,8 @@ module Authorization
 
     if perms.blank?
       if !OpenProject::AccessControl.disabled_permission?(action)
+        # See https://www.openproject.org/docs/development/concepts/permissions/#definition-of-permissions
+        # if you are wondering where to define permissions
         Rails.logger.debug { "Used permission \"#{action}\" that is not defined. It will never return true." }
         raise UnknownPermissionError.new(action) if raise_on_unknown
       end