Feature #13511
closedAdd a way to restrict access to the "Activity" feed for a particular role
0%
Description
The "Roles and permissions" screen has many options. But if I restrict access to certain types of information, those items still show up in the "Activity" tab when that user is logged in.
For example: I created a role "Customer" that has no access to the repository. However, users with that role can still see revision commit activity from subversion in the Activity tab. They can also see issues they don't have access to.
Environment:
Redmine version 2.0.3.stable
Ruby version 1.8.7 (x86_64-linux)
Rails version 3.2.6
Environment production
Database adapter MySQL
Redmine plugins:
redmine_mylyn_connector 2.8.2.stable
Related issues
Updated by Daniel Felix almost 12 years ago
Where is the use case for this?
The user could still get the information.
But another idea could be the permission "view activity". Maybe I could provide a patch after my hospital visit.
I mark this on my watch list.
Updated by Kyle Leber almost 12 years ago
My use case is I want to give a customer access to specific items without them having visibility into all of the ongoing activities. Thanks!
Updated by Daniel Felix almost 12 years ago
Sounds like this is the same request just different described #13512?
Updated by Holger Just 10 months ago
- Status changed from New to Closed
- Resolution set to Cant reproduce
The items shown in activity view and Atom feed are all filtered according to the current user's visibility, so that only activity whoch is actually visible to the user elsewhere is included there.
When checking the feeds, make sure to use the right atom key in the URL, i.e. the one of the checked user, not the one from an admin as the atom key identifies the user whose permissions are checked.
If you still observe items in the feed which should not be visible to a user, please re-open this issue and provide more information to allow us to reproduce this issue in a clean Redmine.