Issues are visible in Issue List but not in Issue Detail
|Status:||Needs feedback||Start date:|
|Category:||Permissions and roles|
I found that there is an inconsistency in the authorization to see issues.
I use Redmine as a Project Management Tool for 4 years, and now I am setting up a new project for providing support too.
On this support project, I expect anyone can create requests and see the requests they created or that are assigned to him only, not the other guys support requests.
I configured the project as "Public", created a "Casual Customer" role with Issues Visibility set to "Issues created by or assigned to the user". I assigned this role to the "Non-members" users of this project, in the project's Members configuration tab.
After doing this, the non-members users are allowed to see each other issues in the Activity and Issues tabs, however when clicking on one of these unallowed issues to see its detail, a 403 error is triggered.
Here is a video of the situation:
I already disabled all other plugins and restarted. Also, I am attaching a screenshot of my Redmine information page.
#2 Updated by Jonathan Vargas over 6 years ago
Yes, they have that permission enabled. If I disable it, they won't see any issue, including those ones created by or assigned to themselves.
Is that the expected behaviour?
How can I effectively hide the issues in the listings (Issue List & Activity panels), and only allow these users to see issues created by or assigned to them?