Project

General

Profile

Actions

Feature #13511

closed

Add a way to restrict access to the "Activity" feed for a particular role

Added by Kyle Leber about 11 years ago. Updated 20 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Cant reproduce

Description

The "Roles and permissions" screen has many options. But if I restrict access to certain types of information, those items still show up in the "Activity" tab when that user is logged in.

For example: I created a role "Customer" that has no access to the repository. However, users with that role can still see revision commit activity from subversion in the Activity tab. They can also see issues they don't have access to.

Environment:
Redmine version 2.0.3.stable
Ruby version 1.8.7 (x86_64-linux)
Rails version 3.2.6
Environment production
Database adapter MySQL
Redmine plugins:
redmine_mylyn_connector 2.8.2.stable


Related issues

Related to Redmine - Feature #13512: Add a way to make specific issues visible to a userClosed

Actions
Actions #1

Updated by Daniel Felix about 11 years ago

Where is the use case for this?
The user could still get the information.

But another idea could be the permission "view activity". Maybe I could provide a patch after my hospital visit.
I mark this on my watch list.

Actions #2

Updated by Kyle Leber about 11 years ago

My use case is I want to give a customer access to specific items without them having visibility into all of the ongoing activities. Thanks!

Actions #3

Updated by Daniel Felix about 11 years ago

Sounds like this is the same request just different described #13512?

Actions #4

Updated by Holger Just 20 days ago

  • Status changed from New to Closed
  • Resolution set to Cant reproduce

The items shown in activity view and Atom feed are all filtered according to the current user's visibility, so that only activity whoch is actually visible to the user elsewhere is included there.

When checking the feeds, make sure to use the right atom key in the URL, i.e. the one of the checked user, not the one from an admin as the atom key identifies the user whose permissions are checked.

If you still observe items in the feed which should not be visible to a user, please re-open this issue and provide more information to allow us to reproduce this issue in a clean Redmine.

Actions

Also available in: Atom PDF