Feature #1543
openSetting permissions for viewing the Activity page.
Added by José Campos over 16 years ago. Updated over 1 year ago.
0%
Description
There should be a permission option for granting or denying access to the Activity page. Note: for user that don't have access to logtime, it's even more relevant, since they can infer the time spent in each issue and have a notion of the work being done by the developers.
Files
locales_en.patch (1.03 KB) locales_en.patch | Michael Esemplare, 2013-01-30 06:40 | ||
redmine.rb.patch (770 Bytes) redmine.rb.patch | Michael Esemplare, 2013-01-30 06:40 | ||
default_data_loader.patch (2.51 KB) default_data_loader.patch | Michael Esemplare, 2013-01-30 07:05 | ||
view_activity_permission_trunk.patch (5.32 KB) view_activity_permission_trunk.patch | Patch against trunk r12982 (2.5-stable) | Michael Esemplare, 2014-03-19 07:27 |
Related issues
Updated by Mark Gallop over 16 years ago
I also think this is a good idea. I ended up creating a "restricted view" custom field for users so that I could hide many of the things that Redmine shows by default.
José, if you haven't already done it, you could edit lib/redmine.rb and make the following changes to restrict access to the Activity view.
# Permissions Redmine::AccessControl.map do |map| - map.permission :view_project, {:projects => [:show, :activity]}, :public => true + map.permission :view_project, {:projects => [:show]}, :public => true map.permission :search_project, {:search => :index}, :public => true map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member + map.permission :view_activity, {:projects => [:activity]} map.permission :select_project_modules, {:projects => :modules}, :require => :member
You would then need to set "View activity" in Administration -> "Roles and permissions" if you wanted a user to see the activity.
Mark
Updated by Ricardo V.C. over 16 years ago
Hello:
I am also interestedd about this feature, Mark I've tried your solution,I get the checkbox in the role view but no effect after restarting redmine. :(
regards
Updated by Mark Gallop over 16 years ago
Richardo,
Are you trying out the permissions as a user with "administrator" set? If so, try testing it with a non-admin user who has "View activity" unchecked.
If that doesn't work, let me know and I will have another look at what I changed.
Cheers,
Mark
Updated by Ricardo V.C. over 16 years ago
Hello Mark:
No, the user I'm trying with has the flag "administrator" off. :(
I can move the rhtml page out but it's very ugly solution.
thx for your help
Regards
Updated by Lane Roathe almost 16 years ago
Another ping for this feature in the core.
Mark, I did your quick update and I was able to disable Activity views for roles. Thanks for sharing that!
PS: Seems related to Issue #849.
Updated by Lane Roathe almost 16 years ago
Ok, so now the question I have is: how do I prevent access to the
- Overview
- Roadmap
- Issues
tabs?
Updated by Wim DePreter about 12 years ago
What's the status for this issue?
I have a simular request for hiding activity-tab, but I think it should be a user setting (set by administrator), because activity log can also be consulted per user.
We're using Redmine internally for the moment. Now we want to use it also with our customers, but we don't want that our customers consult the activity page, so disabling the activity page only for them (on projects, users, ...) would be really nice.
Updated by Michael Esemplare almost 12 years ago
- File locales_en.patch locales_en.patch added
- File redmine.rb.patch redmine.rb.patch added
- File default_data_loader.patch default_data_loader.patch added
I have attached a patch for redmine 2.2.
Note: Looking at redmine 2.1 the patch should be fine. However looking at redmine 2.0 and 1.x, you might need to remove the :read => true
attribute.
I also took a stab at patching the default_data/loader.rb. Didn't test the loader because I don't have a blank install at hand.
Wim De Preter,
This is a role based patch. You will have to update any existing roles to include the "View Activity" permission.
I do not know how your Redmine is set up, but creating groups for your customers eases the permissions process. This way you create a group for your customers, add the customers to the group or groups, and then assign the group to a project with a role. Then anyone in that group has that role and any permission changes will be inherited.
Updated by Mathias K. over 11 years ago
This patch will not disable the "Overall activity" link on the project page. Any hints?
Updated by Michael Esemplare over 11 years ago
Mathias,
That is true, there were other places the activity is accessible that I did not know at the time. One for example is the user's page, it displays information about the user including activity. I have patched internally and will try to come up with a decent patch here.
Another thing outside of this issue that could have access control:- Issue summaries - http://your.redmine.site/projects/project_name/issues/report
This one site I'm building the customer doesn't want the users to have any access to these.
Updated by Gurvan Le Dromaguet almost 11 years ago
+1 Implementing patch on my site.
Updated by Michael Esemplare over 10 years ago
- Fixes the Overall activity link on the project page
- Does not show user activity on user's page unless they can view activity (i.e. http://www.redmine.org/users/38840)
The patch is against trunk r12982 (2.5-stable), so you might not be able to run `patch -p0 -i view_activity_permission_trunk.patch`
on your redmine install.
All modifications should work with 2.1+, tested with 2.2, 2.4 and 2.5 stable.
As noted previously, if running redmine 2.0 and 1.x, you might need to remove the :read => true
attribute in lib/redmine.rb.
Updated by Mark Stroeve almost 10 years ago
Michael Esemplare wrote:
I've added an updated patch that:
- Fixes the Overall activity link on the project page
- Does not show user activity on user's page unless they can view activity (i.e. http://www.redmine.org/users/38840)
The patch is against trunk r12982 (2.5-stable), so you might not be able to run
`patch -p0 -i view_activity_permission_trunk.patch`
on your redmine install.All modifications should work with 2.1+, tested with 2.2, 2.4 and 2.5 stable.
As noted previously, if running redmine 2.0 and 1.x, you might need to remove the
:read => true
attribute in lib/redmine.rb.
We use this patch its working great. The only problem is that we have to apply the patch every time gets updated. And the patch doesnt work out of the box with 2.6.1
How would we get this patch (or updated version) to be part of te redmine core?
Its seems to be a nice enhancement.
Updated by Jean-Philippe Lang almost 10 years ago
- Target version set to Candidate for next major release
The problem with the latest patch is that a user who is allowed to view the activity on a single project will be able to see all projects' activity on the cross project activity page. Is it the expected behaviour? I think he should only see the activity of the projects for which he has the view_activity permission.
Updated by Gregory Van der Steen about 8 years ago
+1
Applied a modified version of the patch (+loader) on redmine 3.3.x and it's working as aspected. I am glad this issue is targeted for the next major release.