Defect #16743
closed
Project list lists all projects, even if user is not added to them
0%
Description
I added a new user group called "external employees" and just created a user for it.
When I log in, i can already see all projects - even when I have not added the external user to any project.
This seems like a security problem to me?
Updated by Peter L. almost 9 years ago
I meant that i created the group without ANY rights!
Updated by Rafał Lisowski almost 9 years ago
You sure the projects are not public?
I use version 2.5.1 and project list works as expected.
Peter L. wrote:
I meant that i created the group without ANY rights!
Updated by Peter L. almost 9 years ago
- Status changed from New to Resolved
Damn, thanks! Was set to public...
But could you maybe tell me, to hide the roadmap?
I just want a user, which can add tickets and see/change/delete only his own tickets? And not see the roadmap versions?
I'm somehow too dumb or its not possible?
Thanks!
Updated by Rafał Lisowski almost 9 years ago
That plugin may be helpfull for you https://github.com/efigence/redmine_project_form_extended
Damn, thanks! Was set to public...
I think it's not possible right now see http://www.redmine.org/projects/redmine/wiki/RedmineProjectSettings#Core-modules
There is "Manage version" permission for role (Administartino -> Roles and permissions -> some role) so you can disable adding new versions for role.
But could you maybe tell me, to hide the roadmap?
I just want a user, which can add tickets and see/change/delete only his own tickets? And not see the roadmap versions?
Updated by Jean-Philippe Lang almost 9 years ago
- Status changed from Resolved to Closed
- Resolution set to Invalid