Project

General

Profile

Actions

Defect #16743

closed

Project list lists all projects, even if user is not added to them

Added by Peter L. over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

I added a new user group called "external employees" and just created a user for it.

When I log in, i can already see all projects - even when I have not added the external user to any project.
This seems like a security problem to me?

Actions #1

Updated by Peter L. over 10 years ago

I meant that i created the group without ANY rights!

Actions #2

Updated by Rafał Lisowski over 10 years ago

You sure the projects are not public?
I use version 2.5.1 and project list works as expected.

Peter L. wrote:

I meant that i created the group without ANY rights!

Actions #3

Updated by Peter L. over 10 years ago

  • Status changed from New to Resolved

Damn, thanks! Was set to public...

But could you maybe tell me, to hide the roadmap?
I just want a user, which can add tickets and see/change/delete only his own tickets? And not see the roadmap versions?
I'm somehow too dumb or its not possible?

Thanks!

Actions #4

Updated by Rafał Lisowski over 10 years ago

That plugin may be helpfull for you https://github.com/efigence/redmine_project_form_extended

Damn, thanks! Was set to public...

I think it's not possible right now see http://www.redmine.org/projects/redmine/wiki/RedmineProjectSettings#Core-modules
There is "Manage version" permission for role (Administartino -> Roles and permissions -> some role) so you can disable adding new versions for role.

But could you maybe tell me, to hide the roadmap?
I just want a user, which can add tickets and see/change/delete only his own tickets? And not see the roadmap versions?

Actions #5

Updated by Peter L. over 10 years ago

Hmm ok..

Thanks for your answers!

Actions #6

Updated by Jean-Philippe Lang over 10 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid
Actions

Also available in: Atom PDF