Feature #1543

open

Setting permissions for viewing the Activity page.

Added by José Campos over 16 years ago. Updated over 1 year ago.

Status: New
Priority: Normal
Category: Permissions and roles
Start date: 2008-06-28
Due date:
% Done: 0%
Estimated time:
Resolution:

Description

There should be a permission option for granting or denying access to the Activity page. Note: for users that don't have access to logtime, it's even more relevant, since they can infer the time spent in each issue and have a notion of the work being done by the developers.


Files

locales_en.patch (1.03 KB) Michael Esemplare, 2013-01-30 06:40
redmine.rb.patch (770 Bytes) Michael Esemplare, 2013-01-30 06:40
default_data_loader.patch (2.51 KB) Michael Esemplare, 2013-01-30 07:05
view_activity_permission_trunk.patch (5.32 KB) Patch against trunk r12982 (2.5-stable) Michael Esemplare, 2014-03-19 07:27

Related issues

Has duplicate Redmine - Feature #849: Roles and Permissions (Closed, 2008-03-14)

Actions #1

Updated by Mark Gallop over 16 years ago

I also think this is a good idea. I ended up creating a "restricted view" custom field for users so that I could hide many of the things that Redmine shows by default.

José, if you haven't already done it, you could edit lib/redmine.rb and make the following changes to restrict access to the Activity view.

 # Permissions
 Redmine::AccessControl.map do |map|
-  map.permission :view_project, {:projects => [:show, :activity]}, :public => true
+  map.permission :view_project, {:projects => [:show]}, :public => true
   map.permission :search_project, {:search => :index}, :public => true
   map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
+  map.permission :view_activity, {:projects => [:activity]}
   map.permission :select_project_modules, {:projects => :modules}, :require => :member
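
Review bot: on the added `:view_activity` line, the permission is declared without `:public => true` or `:require => :member`, while `:activity` is dropped from the public `:view_project` line, so after this change no existing role can open the Activity page until "View activity" is ticked for it; state that next to the change, or grant the permission to existing roles as part of the upgrade. The mapping also covers only `{:projects => [:activity]}`, so any other action that renders activity data is not gated by this permission and needs its own entry.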

You would then need to set "View activity" in Administration -> "Roles and permissions" if you wanted a user to see the activity.

Mark

Actions #2

Updated by José Campos over 16 years ago

Thanks, Mark, I'll try it.

Actions #3

Updated by Ricardo V.C. over 16 years ago

Hello:

I am also interested in this feature. Mark, I've tried your solution: I get the checkbox in the role view but no effect after restarting redmine. :(

regards

Actions #4

Updated by Mark Gallop over 16 years ago

Ricardo,

Are you trying out the permissions as a user with "administrator" set? If so, try testing it with a non-admin user who has "View activity" unchecked.

If that doesn't work, let me know and I will have another look at what I changed.

Cheers,
Mark

Actions #5

Updated by Ricardo V.C. over 16 years ago

Hello Mark:

No, the user I'm trying with has the flag "administrator" off. :(
I can move the rhtml page out but it's a very ugly solution.
Thanks for your help

Regards

Actions #6

Updated by Lane Roathe almost 16 years ago

Another ping for this feature in the core.

Mark, I did your quick update and I was able to disable Activity views for roles. Thanks for sharing that!

PS: Seems related to Issue #849.

Actions #7

Updated by Lane Roathe almost 16 years ago

Ok, so now the question I have is: how do I prevent access to the

  1. Overview
  2. Roadmap
  3. Issues

tabs?

Actions #8

Updated by Wim DePreter about 12 years ago

What's the status for this issue?
I have a similar request for hiding the activity tab, but I think it should be a user setting (set by administrator), because the activity log can also be consulted per user.
We're using Redmine internally for the moment. Now we want to use it also with our customers, but we don't want our customers to consult the activity page, so disabling the activity page only for them (on projects, users, ...) would be really nice.

Actions #9

Updated by Michael Esemplare almost 12 years ago

I have attached a patch for redmine 2.2.

Note: Looking at redmine 2.1 the patch should be fine. However looking at redmine 2.0 and 1.x, you might need to remove the :read => true attribute.

I also took a stab at patching the default_data/loader.rb. Didn't test the loader because I don't have a blank install at hand.

Wim De Preter,
This is a role based patch. You will have to update any existing roles to include the "View Activity" permission.

I do not know how your Redmine is set up, but creating groups for your customers eases the permissions process. This way you create a group for your customers, add the customers to the group or groups, and then assign the group to a project with a role. Then anyone in that group has that role and any permission changes will be inherited.

Actions #10

Updated by Mathias K. over 11 years ago

This patch will not disable the "Overall activity" link on the project page. Any hints?

Actions #11

Updated by Michael Esemplare over 11 years ago

Mathias,

That is true, there were other places the activity is accessible that I did not know at the time. One for example is the user's page, it displays information about the user including activity. I have patched internally and will try to come up with a decent patch here.

Another thing outside of this issue that could have access control:

This one site I'm building the customer doesn't want the users to have any access to these.

Actions #12

Updated by Florian Kaiser almost 11 years ago

+1

Actions #13

Updated by Gurvan Le Dromaguet almost 11 years ago

+1 Implementing patch on my site.

Actions #14

Updated by Y Z almost 11 years ago

+1

Actions #15

Updated by Michael Esemplare almost 11 years ago

I've added an updated patch that:

The patch is against trunk r12982 (2.5-stable), so you might not be able to run `patch -p0 -i view_activity_permission_trunk.patch` on your redmine install.

All modifications should work with 2.1+, tested with 2.2, 2.4 and 2.5 stable.

As noted previously, if running redmine 2.0 and 1.x, you might need to remove the :read => true attribute in lib/redmine.rb.

Actions #16

Updated by Mark Stroeve almost 10 years ago

Michael Esemplare wrote:

I've added an updated patch that:

The patch is against trunk r12982 (2.5-stable), so you might not be able to run `patch -p0 -i view_activity_permission_trunk.patch` on your redmine install.

All modifications should work with 2.1+, tested with 2.2, 2.4 and 2.5 stable.

As noted previously, if running redmine 2.0 and 1.x, you might need to remove the :read => true attribute in lib/redmine.rb.

We use this patch; it's working great. The only problem is that we have to apply the patch every time Redmine gets updated. And the patch doesn't work out of the box with 2.6.1.

How would we get this patch (or an updated version) to be part of the redmine core?
It seems to be a nice enhancement.

Actions #17

Updated by Jean-Philippe Lang almost 10 years ago

  • Target version set to Candidate for next major release

The problem with the latest patch is that a user who is allowed to view the activity on a single project will be able to see all projects' activity on the cross project activity page. Is it the expected behaviour? I think he should only see the activity of the projects for which he has the view_activity permission.
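
The cross-project behaviour described in the comment above, as an added Ruby illustration that is not part of this thread or of any attached patch. It is a stand-alone model, not Redmine code: `Role`, `Member`, `Event`, both filter functions and the sample data are hypothetical and constructed for the example.

```ruby
# Added illustration: a minimal stand-alone model, not Redmine's code.
# Role, Member, Event and both filter functions are hypothetical names.
require 'set'

Role   = Struct.new(:name, :permissions)
Member = Struct.new(:user, :project, :role)
Event  = Struct.new(:project, :title)

# Projects on which +user+ holds +permission+ through a membership role.
def projects_allowing(user, permission, members)
  members.select { |m| m.user == user && m.role.permissions.include?(permission) }
         .map(&:project).to_set
end

# Flawed variant: the permission is checked globally ("on any project?"),
# then every event is returned, which leaks projects the user cannot view.
def cross_project_activity_global(user, events, members)
  return [] if projects_allowing(user, :view_activity, members).empty?
  events
end

# Per-project variant: an event is kept only when the user holds
# :view_activity on the project that event belongs to.
def cross_project_activity_scoped(user, events, members)
  allowed = projects_allowing(user, :view_activity, members)
  events.select { |e| allowed.include?(e.project) }
end

# Constructed sample data.
DEVELOPER = Role.new('Developer', Set[:view_project, :view_activity])
CUSTOMER  = Role.new('Customer',  Set[:view_project])
MEMBERS = [
  Member.new('alice', 'internal',   DEVELOPER),
  Member.new('alice', 'customer-a', CUSTOMER),
  Member.new('bob',   'customer-a', CUSTOMER)
]
EVENTS = [
  Event.new('internal',   'Issue 12 closed'),
  Event.new('customer-a', 'Time logged on issue 7'),
  Event.new('customer-b', 'Wiki page edited')
]

if __FILE__ == $PROGRAM_NAME
  p cross_project_activity_global('alice', EVENTS, MEMBERS).map(&:project)
  p cross_project_activity_scoped('alice', EVENTS, MEMBERS).map(&:project)
  p cross_project_activity_scoped('bob', EVENTS, MEMBERS).map(&:project)
end
```

A regression test for any patch that adds this permission should cover the same case: a user with the permission on one project and without it on another must get only the first project's events on the cross-project page.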

Actions #18

Updated by Oleg Aksenov almost 10 years ago

+1

Actions #19

Updated by Gregory Van der Steen about 8 years ago

+1

Applied a modified version of the patch (+loader) on redmine 3.3.x and it's working as expected. I am glad this issue is targeted for the next major release.

Actions #20

Updated by eendalljuine eendalljuine about 7 years ago

  • File 130.gif added
Actions #21

Updated by Mischa The Evil about 7 years ago

  • File deleted (130.gif)
Actions #22

Updated by Alessandro Zucchi over 6 years ago

+1

Actions #23

Updated by Aleksandar Pavic over 4 years ago

+1

This is also related to:

#2585, #9930

Actions #25

Updated by Jérôme Gallot over 1 year ago

+1
