Defect #22120
open
Issues are visible in Issue List but not in Issue Detail
0%
Description
Hey,
I found that there is an inconsistency in the authorization to see issues.
I use Redmine as a Project Management Tool for 4 years, and now I am setting up a new project for providing support too.
On this support project, I expect anyone can create requests and see the requests they created or that are assigned to him only, not the other guys support requests.
I configured the project as "Public", created a "Casual Customer" role with Issues Visibility set to "Issues created by or assigned to the user". I assigned this role to the "Non-members" users of this project, in the project's Members configuration tab.
After doing this, the non-members users are allowed to see each other issues in the Activity and Issues tabs, however when clicking on one of these unallowed issues to see its detail, a 403 error is triggered.
Here is a video of the situation:
I already disabled all other plugins and restarted. Also, I am attaching a screenshot of my Redmine information page.
Files
Related issues
Updated by Toshi MARUYAMA over 8 years ago
- Status changed from New to Needs feedback
I cannot reproduce on 3.1.3.
I think your "Non member" and "Anonymous" roles have "View issues" permission.
Updated by Jonathan Vargas over 8 years ago
Yes, they have that permission enabled. If I disable it, they won't see any issue, including those ones created by or assigned to themselves.
Is that the expected behaviour?
How can I effectively hide the issues in the listings (Issue List & Activity panels), and only allow these users to see issues created by or assigned to them?
Updated by Toshi MARUYAMA almost 8 years ago
- Related to Defect #24915: Activity shows issues and text of issues which should not added