Project

General

Profile

Actions

Feature #3187

closed

"View Issues" user permission

Added by Rob Felix almost 16 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Issues permissions
Target version:
Start date:
2009-04-16
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

Please add a "View Issues" user permission.


Files

view_own_issues.patch (11.3 KB) view_own_issues.patch Patch to add the view_own_issue permission Gilles Pietri, 2009-05-20 14:25
view_own_issues.patch (4.91 KB) view_own_issues.patch Correct patch file.. Gilles Pietri, 2009-05-20 14:32
added_checks.patch (2.23 KB) added_checks.patch Some added changes in helpers/application_helper.rb textilizable Thomas Pihl, 2009-05-21 23:19

Related issues

Related to Redmine - Feature #3384: issue permissionsClosed2009-05-18

Actions
Has duplicate Redmine - Defect #3404: Rendered link r+revision-no reveal to much in mouse-over tooltipClosed2009-05-21

Actions
Actions #1

Updated by Markus Knittig almost 16 years ago

There is such a permission, it's just hardcoded as public. Remove , :public => true in lib/redmine.rb to make it visible...

Actions #2

Updated by Jean-Philippe Lang almost 16 years ago

  • Category changed from Administration to Issues permissions
  • Target version set to 0.9.0
Actions #3

Updated by Jim Keller over 15 years ago

a 'View Own Issues' (e.g. issues assigned to you) permission might be useful as well. We have some roles where ideally they wouldn't be able to see any part of the project they're not involved in. Right now we're just setting up sub-projects to account for this situation, which is a reasonable alternative.

Actions #4

Updated by Gilles Pietri over 15 years ago

I'm working on this remotely, as there are numerous place where the view_issues permission doesn't seem enforced, and I need a given kind of user ("dumb mode") to view only issue they submit, and nothing else.. So I did quite some hacks, anybody interested in trying that out?

I will also issue a patch so as to start something at least... Since I'm quite new to redmine, and not that experienced with Rails, I'm sure knowledgeable people might review that efficiently :)

Actions #5

Updated by Thomas Pihl over 15 years ago

Yes, i am interested in trying it out (and helping in any way i can). This is a very much needed feature for us.

/T

Actions #6

Updated by Gilles Pietri over 15 years ago

OK, I finally did that, and diff'ed against SVN..

This adds a view_own_issue permission, and unset the public attribute for view_issues.
I modified the view & controller accordingly to take that into account. I also had to modify the query model, to take that into account.

I really have no experience with redmine, and only a light ruby background, so please feel free to suggest more elegant ways to do this. Especially, I'm not sure about how nice the permission attributes (lib/redmine.rb) should be set if cleaner that what I defined them too...

Enjoy ;)

Actions #7

Updated by Gilles Pietri over 15 years ago

Gilles Pietri wrote:

OK, I finally did that, and diff'ed against SVN..

OK, this is not the patch I intended to publish (diff between my 0.8.3 install and svn in case you wonder..). This is the good one.

Actions #8

Updated by Thomas Pihl over 15 years ago

Seems to work very well. I like it!

Perhaps one addition? When someone put you as watcher you should be able to see the issue? But then again, that might be a security issue.

/T

Actions #9

Updated by Thomas Pihl over 15 years ago

AND...

perhaps also if you have the issue assigned to you.

Actions #10

Updated by Thomas Pihl over 15 years ago

Found a small snag.

If a link to issues you're not allowed to view is rendered on wiki or repository, you're able to see Subject and Status on the mouse-over tooltip.

Actions #11

Updated by Thomas Pihl over 15 years ago

Added a patch for those checks. Check it out and modify to fit

Actions #12

Updated by Gilles Pietri over 15 years ago

Thomas Pihl wrote:

Seems to work very well. I like it!

Perhaps one addition? When someone put you as watcher you should be able to see the issue? But then again, that might be a security issue.

/T

Well it makes sense you should also see the one you're set to watch, gonna look into that.. Could anyone more "redmine-familiar" review that by the way?

Regards

Actions #13

Updated by Jens Goldhammer over 15 years ago

+1

Actions #14

Updated by Dmitry Shkolnikov over 15 years ago

+1

Actions #15

Updated by Gilles Pietri over 15 years ago

Hmm, I was considering an upgrade to 0.8.5 and tests on 0.9, then I found #337

Actions #16

Updated by Thomas Pihl over 15 years ago

This is NOT the same thing as #337.

Private issue means that a group (like support) could hide some issue from all others. #3187 means that each user only see their own reported/assigned issues. Both features are needed and they are not the same.

Actions #17

Updated by Pablo 09 over 15 years ago

I have tried on 0.8.5.devel.2902 and it donĀ“t run.

Mysql::Error: You have an error in your SQL syntax;

Actions #18

Updated by Marcel Evenson over 15 years ago

+1 for #3187 and #337. We've been waiting patiently for both of these to work their way into trunk .. but still no go. #337 was opened over 2 years ago with many many patches submitted and this was opened over 5 months ago.. still nothing .. I think this is a prime example were open source fails :(

Actions #19

Updated by Jose Luna over 15 years ago

Marcel Evenson wrote:

I think this is a prime example were open source fails :(

I think you mean "this is a prime example where open source is imperfect". If redmine had 'failed', then you wouldn't be using it. Clearly, when you considered all factors, redmine was the superior choice for your project management needs. Otherwise, you would have chosen a different software (there are plenty of commercial alternatives).

This may surprise you, but commercial software has the exact same problem delivering features that customers request. Not everyone needs this feature, and it's very hard to manage all of the requested features while keeping a coherent roadmap for the future and a clean codebase.

Actions #20

Updated by Thomas Pihl over 15 years ago

Marcel Evenson wrote:

+1 for #3187 and #337. We've been waiting patiently for both of these to work their way into trunk .. but still no go. #337 was opened over 2 years ago with many many patches submitted and this was opened over 5 months ago.. still nothing .. I think this is a prime example were open source fails :(

I'd like to disagree.

This is very much working open-source. There are a patch to implement already for #3187. If you cannot make it work, you can always hire someone to do it for you. It will still be better quality and cheaper than closed source, hands down. Both #337 and #3187 has been selected for 0.9 (work SOME ELSE is doing for us all). If they make it, it will be all good. If not, we can always patch by ourself (or by hired help). Let's all chip in with out +1 and offers to help coding (if we can) or testing (if we can't).

Just my 0.02 SEK (a very very cheap currency)

Actions #21

Updated by Jean-Philippe Lang about 15 years ago

  • Status changed from New to Closed
  • Resolution set to Fixed

View issues permission added in r3039.
Thanks to Jose and Thomas :-)

Actions #22

Updated by Patrick Hurrelmann about 15 years ago

Jean-Philippe Lang wrote:

View issues permission added in r3039.
Thanks to Jose and Thomas :-)

Whooohoo! Thank you very much Jean-Philippe :)
Now I'm only waiting for Eric with his implemenatation of #465
and 0.9 will rock (much more than it already does)! :D

Actions #23

Updated by Ho Nguyen about 15 years ago

Hi, I updated to the latest in trunk. Got the "View Issues" permission but its behaviour seemed not correct. When uncheck "View Issues" for a role, so user assigned to that role not able to see any issue, including his own issue. I thought this feature is allow user to see only his own issues, is that correct?

Actions #24

Updated by Stanislav German-Evtushenko about 15 years ago

  • Status changed from Closed to Reopened

Ho Nguyen wrote:

Hi, I updated to the latest in trunk. Got the "View Issues" permission but its behaviour seemed not correct. When uncheck "View Issues" for a role, so user assigned to that role not able to see any issue, including his own issue. I thought this feature is allow user to see only his own issues, is that correct?

Same for me

Actions #25

Updated by Jean-Philippe Lang about 15 years ago

  • Status changed from Reopened to Closed

Please re-read the initial request, and see #2653.

Actions #26

Updated by Stanislav German-Evtushenko about 15 years ago

Gilles Pietri wrote:

Hmm, I was considering an upgrade to 0.8.5 and tests on 0.9, then I found #337

Gilles, please pay attention on #2653

Actions #27

Updated by Stanislav German-Evtushenko about 15 years ago

Jean-Philippe Lang wrote:

Please re-read the initial request, and see #2653.

Hello Jean-Philippe,
Ok, I got about this feature.
There is one small bug here too. I can't see tasks in activity of head project (right behaviour), but I can see it in childs (wrong).

Actions #28

Updated by Gilles Pietri about 15 years ago

Yeah, I didn't find the other one at first, and this is not the same thing. #2653 will however fit my use case, so I'll give it a shot.. but it's roughly the same idea as of what my patch was intended to do. Leaving this issue alone for now ;)

Actions #29

Updated by Ho Nguyen about 15 years ago

Gilles Pietri wrote:

Yeah, I didn't find the other one at first, and this is not the same thing. #2653 will however fit my use case, so I'll give it a shot.. but it's roughly the same idea as of what my patch was intended to do. Leaving this issue alone for now ;)

Gilles, waiting for your patch to #2653, I tried your patch in this issue for trunk but not successful ...

Actions #30

Updated by Ho Nguyen about 15 years ago

Gilles Pietri wrote:

Yeah, I didn't find the other one at first, and this is not the same thing. #2653 will however fit my use case, so I'll give it a shot.. but it's roughly the same idea as of what my patch was intended to do. Leaving this issue alone for now ;)

Hi Gilles ... I have applied your patch to the trunk ant it worked perfectly for my case (don't allow customer to see internal issues). However, there is one side affect regarding the attachment. My customer cannot download the attachment if I set "view-own-issue" but got the 403 error "You are not authorized to access this page". Have you got the same issue?

Actions #31

Updated by Go MAEDA almost 10 years ago

  • Has duplicate Defect #3404: Rendered link r+revision-no reveal to much in mouse-over tooltip added
Actions

Also available in: Atom PDF