Project

General

Profile

Actions
Copy link

Defect #22120

open

Issues are visible in Issue List but not in Issue Detail

Added by Jonathan Vargas over 8 years ago. Updated over 8 years ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:
3.1.1

Description

Hey,

I found that there is an inconsistency in the authorization to see issues.

I use Redmine as a Project Management Tool for 4 years, and now I am setting up a new project for providing support too.

On this support project, I expect anyone can create requests and see the requests they created or that are assigned to him only, not the other guys support requests.

I configured the project as "Public", created a "Casual Customer" role with Issues Visibility set to "Issues created by or assigned to the user". I assigned this role to the "Non-members" users of this project, in the project's Members configuration tab.

After doing this, the non-members users are allowed to see each other issues in the Activity and Issues tabs, however when clicking on one of these unallowed issues to see its detail, a 403 error is triggered.

Here is a video of the situation:

https://youtu.be/7aHFglhjIKo

I already disabled all other plugins and restarted. Also, I am attaching a screenshot of my Redmine information page.

Files

Selection_140.png (51 KB) Selection_140.png Jonathan Vargas, 2016-03-01 14:37

Related issues

Related to Redmine - Defect #24915: Activity shows issues and text of issues which should notNeeds feedback

Actions
Actions
Copy link

Also available in: Atom PDF