Role permissions not behaving as expected with CSV bulk upload

[chrisabo]

I created a role to allow a non-admin user with the following permissions:
Bulk Data Import
Edit Their Own Posts

Assigned that role to a new user.

When the user tries to upload the bulk import, user receives following error message:
Access Denied - Sorry, you're not allowed to do that.
User 10 is not allowed to import resource posts #0

Where was the bug observed
Self-hosted Ushahidi 3.0 site - www.librarysites.io

To Reproduce
Steps to reproduce the behavior:

1. Log in as admin user
2. Create role with following permissions - Bulk Data Import + Edit their own Posts - click save
3. Log out as admin user
4. Log in as "bulk import user"
5. Click on Settings
6. Click on Import
7. Go through steps to import CSV
8. Click on Finish Import
9. See error

Expected behavior
Expected that user would be able to upload the CSV file and then be able to edit the posts that were contained in the CSV file.

Is there a workaround? What is it.
Give additional permissions to Manage Posts - if I do this the user can then perform the bulk upload and edit the posts, but also has the ability to edit all posts in the deployment even those submitted by other users which is not something that I want to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

URL / Environment where this happened
www.librarysites.io

If the bug is datasource related (e.g. SMS or Targeted SMS), please specify the configuration details (e.g. Frontline + Clickatell, etc):
N/A

Desktop Hardware Details (please complete the following information):

• OS: Windows 10
• Browser Tried: Chrome
  -Version: 69.0.3497.100 (Official Build) (64-bit), also tested in Firefox, but found different bug

Additional context
No problem with bulk upload of same CSV under different account ()admin with all permissions). Also no problem of uploading CSV with the more limited user account if I check the "Manage Posts" permission box.

[rowasc]

@chrisabo thank you for reporting this issue. Our team will look into it and report back with our findings.

@Eve-wanderi could you please verify if this is happening in the latest production version, and let me know? if you have any questions on how to reproduce please ping me.
Thank you

[rowasc]

@Eve-wanderi bumping . See my message above

[rowasc]

I was able to verify this issue. Closing as duplicate of #3194 to address it.