Currently, permissions are only checked correctly when modifying existing items, not when creating items. The reason is that permission checks are title based, but we can only have a title after the item has been recorded in the database, which we don't want to do if the user shouldn't be allowed to create the item.
So... make a dummy title? Or just check user rights, and not title based permissions?
Note: the ultimate permission check should be implemented in Item::save().
Version: master
Severity: critical
Whiteboard: storypoints: 5