Defect #16743
closed
Project list lists all projects, even if user is not added to them
0%
Description
I added a new user group called "external employees" and just created a user for it.
When I log in, i can already see all projects - even when I have not added the external user to any project.
This seems like a security problem to me?
Updated by Peter L. about 11 years ago
I meant that i created the group without ANY rights!
Updated by Rafał Lisowski about 11 years ago
You sure the projects are not public?
I use version 2.5.1 and project list works as expected.
Peter L. wrote:
I meant that i created the group without ANY rights!
Updated by Peter L. about 11 years ago
- Status changed from New to Resolved
Damn, thanks! Was set to public...
But could you maybe tell me, to hide the roadmap?
I just want a user, which can add tickets and see/change/delete only his own tickets? And not see the roadmap versions?
I'm somehow too dumb or its not possible?
Thanks!
Updated by Rafał Lisowski about 11 years ago
That plugin may be helpfull for you https://github.com/efigence/redmine_project_form_extended
Damn, thanks! Was set to public...
I think it's not possible right now see http://www.redmine.org/projects/redmine/wiki/RedmineProjectSettings#Core-modules
There is "Manage version" permission for role (Administartino -> Roles and permissions -> some role) so you can disable adding new versions for role.
But could you maybe tell me, to hide the roadmap?
I just want a user, which can add tickets and see/change/delete only his own tickets? And not see the roadmap versions?
Updated by Jean-Philippe Lang about 11 years ago
- Status changed from Resolved to Closed
- Resolution set to Invalid