Project

General

Profile

Actions

Defect #22120

open

Issues are visible in Issue List but not in Issue Detail

Added by Jonathan Vargas about 8 years ago. Updated almost 8 years ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

Hey,

I found that there is an inconsistency in the authorization to see issues.

I use Redmine as a Project Management Tool for 4 years, and now I am setting up a new project for providing support too.

On this support project, I expect anyone can create requests and see the requests they created or that are assigned to him only, not the other guys support requests.

I configured the project as "Public", created a "Casual Customer" role with Issues Visibility set to "Issues created by or assigned to the user". I assigned this role to the "Non-members" users of this project, in the project's Members configuration tab.

After doing this, the non-members users are allowed to see each other issues in the Activity and Issues tabs, however when clicking on one of these unallowed issues to see its detail, a 403 error is triggered.

Here is a video of the situation:

https://youtu.be/7aHFglhjIKo

I already disabled all other plugins and restarted. Also, I am attaching a screenshot of my Redmine information page.


Files

Selection_140.png (51 KB) Selection_140.png Jonathan Vargas, 2016-03-01 14:37

Related issues

Related to Redmine - Defect #24915: Activity shows issues and text of issues which should notNeeds feedback

Actions
Actions #1

Updated by Toshi MARUYAMA about 8 years ago

  • Status changed from New to Needs feedback

I cannot reproduce on 3.1.3.
I think your "Non member" and "Anonymous" roles have "View issues" permission.

Actions #2

Updated by Jonathan Vargas about 8 years ago

Yes, they have that permission enabled. If I disable it, they won't see any issue, including those ones created by or assigned to themselves.

Is that the expected behaviour?

How can I effectively hide the issues in the listings (Issue List & Activity panels), and only allow these users to see issues created by or assigned to them?

Actions #3

Updated by Toshi MARUYAMA almost 8 years ago

I still cannot reproduce.

Actions #4

Updated by Toshi MARUYAMA about 7 years ago

  • Related to Defect #24915: Activity shows issues and text of issues which should not added
Actions

Also available in: Atom PDF