Defect #28705

403/Not allowed on issue view for non member users

Added by Jens Stein over 3 years ago. Updated over 3 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Permissions and roles
Target version:-
Resolution: Affected version:3.3.4

Description

I translate "Non member users" as a group of users which are authenticated but not otherwise authorised to access a project.
So everybody who is able to log-in but is not a member of the project should be in that group.

We added the group "Nicht-Mitglieder" (which is the translated version of "Non member users") in a role called "TicketViewer" to some of our projects and authenticated (so not anonymous) users are not able to view the issues in the project.

The TicketViewer role is a very basic role simply allowing to view tickets and see the watchlist (maybe it is needed to enable self-adding to the watchlist).

We use Redmine 3.3.4.stable.16947.

Unfortunately nobody except explicitly added users is able to view the issues.
We don't want to add everybody in the house to the several projects (that would mean to add 1000+ employees plus several partners in/of the company) and everybody would receive notifications and updates of the wiki, news, forums etc. and would be able to view all entities of these information types (because there is no option to administer the permissions to access the several moduls and/or restrict access to news, forums etc.).

I add screenshots of the added role in an example project and the roles configuration.
Maybe i made a error on setting it up.
Is there any other way to ensure a group (and it should be a dynamically changing group of authenticated users - e.g. employees which don't belong to the project as reporters, developers or any other set of roles/functions within the project), let's call them authenticated non-members,

authenticated non-members are able to view tickets
authenticated non-members are not able to view any other module
authenticated non-members are enabled to add themselves to the watchlist
authenticated non-members won't receive any news or forum notifications

Any advice, tipps, workarounds?
I added a comment on the problem to the closest existing ticket #23655.

Thanks in advance,

JT

Redmine-2018-05-08-10-19-33.png (12.1 KB) Jens Stein, 2018-05-08 11:02

TicketViewer - Rollen - Redmine-2018-05-08-10-30-58.png (47.8 KB) Jens Stein, 2018-05-08 11:02

Also available in: Atom PDF