don't accept signoffs unless they are required

[bhearsum]

Currently, a user can sign off on changes with any role they hold -- even if that role is not required for the change. This can be confusing, because it sometimes leads to changes having 2 required signoffs, and 2 signoffs having been done -- but one or both of them not being from a required group. At a glance, it looks like signoffs have been met when they haven't been.

We should stop accepting signoffs unless they are required for the change.

[srfraser]

With the releng-relman group not matching a sign-off that needs relman, is that also what users should expect?

If I read a requirement of '1 member from releng-relman' then I would expect that signing off as 'releng-relman', 'relman' or 'releng' would work, but I don't know if that's actually valid.

I don't know if it makes sense to sign off as 'releng-relman' unless the UI makes it clear that this is how we do or group memberships

[bhearsum]

If I read a requirement of '1 member from releng-relman' then I would expect that signing off as 'releng-relman', 'relman' or 'releng' would work, but I don't know if that's actually valid.

This is not how it works, but I think it's a fair assumption to make for anyone not intimately familiar with Balrog's internals. Making that assumption work is probably not an easy fix...I think the best path forward here, at least for now, is to change the UX in a way that helps users make correct assumptions.

[sarah-clements]

For the next person looking at this, the fix is simple but there's a bunch of duplicate code that someone might want to clean up (rather than just adding a one line of code in x number of places).

[jcristau]

Related: #1145

That was fixed recently in the UI for rule changes. I believe permission and release changes still have that issue.