https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292014-09-24T08:21:52ZRedmineRedmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=588162014-09-24T08:21:52ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-1 priority-4 priority-default" href="/issues/7645">Defect #7645</a>: Issue summary should filter Assignee & Author lists</i> added</li></ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=588182014-09-24T08:22:17ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/11724">Feature #11724</a>: Prevent users from seeing other users based on their project membership</i> added</li></ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=617252015-02-26T11:17:35ZWim DePreter
<ul></ul>With implementation of <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Prevent users from seeing other users based on their project membership (Closed)" href="https://www.redmine.org/issues/11724">#11724</a>, my requested optional permission "view private users" should be changed into an extra option for Users visibility, which should have 3 options:
<ul>
<li>(existing) All active users</li>
<li>(existing) All members of visible projects</li>
<li>(new) All non-private members of visible projects</li>
</ul>
Some use-cases
<ol>
<li>Give readonly-access for a private project to users without being visible to other users (f.e. for reporting)</li>
<li>Hide "internal" users (this is our case)<br />we have a private project per customer and:</li>
<ul>
<li>all "internal" users should have access (via private role) to all customer projects</li>
<li>"customer" user should only see
<ul>
<li>other users of the same customer (by definition, customer user has only access to his project) </li>
<li>account manager for that customer ("account manager" is a not-private role)</li>
<li>none of the (other, i.e. different from the account manager) "internal" users</li>
</ul></li>
</ul></li>
</ol>
<p>I see also a relationship with <a class="issue tracker-2 status-1 priority-4 priority-default" title="Feature: Private Users (New)" href="https://www.redmine.org/issues/6015">#6015</a> and <a class="issue tracker-2 status-1 priority-4 priority-default" title="Feature: Concept for controlling visibility of users (New)" href="https://www.redmine.org/issues/13533">#13533</a></p> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=623672015-03-18T10:49:02ZWim DePreter
<ul><li><strong>File</strong> <a href="/attachments/13336">private_role_redmine_3.0.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/13336/private_role_redmine_3.0.patch">private_role_redmine_3.0.patch</a> added</li></ul><p>I've no experience with Ruby, but inspired by (and building on) the modifications for <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Prevent users from seeing other users based on their project membership (Closed)" href="https://www.redmine.org/issues/11724">#11724</a>, I've created a patch.<br />It's very basic (created with trial and error), and maybe there are still some issues with it.</p>
Usage:
<ul>
<li>A role is private if name begins with "private." <br /> (this should be a new "private" attribute on roles, but I don't want to introduce database-changes with a patch)</li>
<li>Only administrator can assign a private role to a user/group</li>
</ul>
Remarks:
<ul>
<li>Patch doesn't work for Custom User Fields (we don't use these, and I couldn't find how to filter the list)</li>
<li>Role option user visibility = "Members of visible projects" is always considered as "All non-private members of visible projects" </li>
<li>I've reverted a change from <a class="changeset" title="Adds a role setting for controlling visibility of users: all or members of visible projects (#117..." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/13584">r13584</a> (<a href="http://www.redmine.org/projects/redmine/repository/revisions/13584/diff/trunk/app/controllers/users_controller.rb" class="external">users_controller.rb</a>), because if user with private role (or non-member?) acts on an issue (or is assigned to an issue), user-detail should be visible</li>
<li>I didn't find a way to filter the detailed view in issue-summary for assignees or authors, so a page 404 is shown instead (if current user can't see all members)</li>
<li>Patch is tested in a single-user environment (bitnami-package), maybe there are some performance-issues</li>
</ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=625902015-03-27T11:45:37ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-4 priority-default" href="/issues/6015">Feature #6015</a>: Private Users</i> added</li></ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=625922015-03-27T11:46:04ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-4 priority-default" href="/issues/13533">Feature #13533</a>: Concept for controlling visibility of users</i> added</li></ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=682042016-01-01T14:51:09ZFilip Sabo
<ul></ul><p>Can I apply this patch on Redmine 3.1.1? I also have bitnami package. I am getting a reject file project.rb.rej:</p>
<pre><code class="diff syntaxhl"><span class="gd">--- app/models/project.rb (revision 14045)
</span><span class="gi">+++ app/models/project.rb (working copy)
</span><span class="p">@@ -31,7 +31,10 @@</span>
has_many :time_entry_activities
has_many :members,
lambda { joins(:principal, :roles).
<span class="gd">- where("#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE}") }
</span><span class="gi">+ ## begin patch private role
+ #where("#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE}")}
+ where("#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE} AND #{Role.table_name}.name NOT LIKE 'private.%'")}
+ ## end patch private role
</span> has_many :memberships, :class_name => 'Member'
has_many :member_principals,
lambda { joins(:principal).
</code></pre>
<p>Not sure why this happened. When I add <ins>private</ins> to developer role it is not private, it is visible in the project overview when the reporter logs in.</p>
<p>Thanks</p>
<p>Filip</p> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=695932016-03-09T14:07:00ZWim DePreter
<ul><li><strong>File</strong> <a href="/attachments/15523">private_role_redmine_3.2.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/15523/private_role_redmine_3.2.patch">private_role_redmine_3.2.patch</a> added</li></ul><p>I've made some changes to my patch for Redmine 3.2</p>
Usage:
<ul>
<li>A role is private if name of role begins with "private." (case-sensitive!) </li>
<li>Only administrator can assign a private role to a user/group</li>
</ul>
Extra remarks (see also <a class="issue tracker-2 status-1 priority-4 priority-default" title="Feature: Private roles (New)" href="https://www.redmine.org/issues/17747#note-4">#17747#note-4</a>):
<ul>
<li>Patch has no impact on Custom Fields of type User, but it is possible in Redmine:
<ul>
<li>to select which users (by role) are listed</li>
<li>which users (by role) can see the custom field</li>
</ul></li>
</ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=695962016-03-09T15:31:07ZWim DePreter
<ul><li><strong>File</strong> <a href="/attachments/15525">private_role_redmine_3.2bis.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/15525/private_role_redmine_3.2bis.patch">private_role_redmine_3.2bis.patch</a> added</li></ul><p>Wim DePreter wrote:</p>
<blockquote>
<ul>
<li>I didn't find a way to filter the detailed view in issue-summary for assignees or authors, so a page 404 is shown instead (if current user can't see all members)</li>
</ul>
</blockquote>
<p>I've updated my latest patch, so that detailed issue summary for authors/assignees is possible for every user</p> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=697142016-03-16T10:19:12ZWim DePreter
<ul><li><strong>File</strong> <a href="/attachments/15558">private_role_redmine_3.2ter.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/15558/private_role_redmine_3.2ter.patch">private_role_redmine_3.2ter.patch</a> added</li></ul>I've made some small changes:
<ul>
<li>private roles are now visible in project-overview for admin-users</li>
<li>undo (most of) my changes to user_controller.rb, because the patch is meant to hide the user-info of private-roles
<ul>
<li>as a consequence, when user A with (only) a private role acts on an issue, and user B (without permission to view all users) tries to consult the user-info of user A, he will get an error-message 403 (not authorised).</li>
<li>in the old version, all user-info of private members was available to all members (this could be a problem with confidentiality)</li>
</ul></li>
</ul>
If someone with more ruby-experience wants to improve this patch, feel free, because:
<ul>
<li>I'm not totally happy with my modifications to principal.rb</li>
<li>all private roles are still listed in user-info</li>
</ul> Redmine - Feature #17747: Private roleshttps://www.redmine.org/issues/17747?journal_id=1023042021-04-30T12:23:29ZWim DePreter
<ul><li><strong>File</strong> <a href="/attachments/27296">private_role_redmine_4.2.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/27296/private_role_redmine_4.2.patch">private_role_redmine_4.2.patch</a> added</li></ul><p>update patch for redmine 4.2 (still very basic, because i have no Ruby experience)</p>