Defect #36549
closed
Issues with watchers and restricted tickets
0%
Description
Hello everyone,
we have a restricted project, where only certrain user groups are able to see the tickets. We have a plugin, which enables users, who assigned as Watcher to tickets of this restricted project are able to edit those tickets like usual, but the rest of the "normal users" cant see it.
I have discovered that I'm able to assign any user (even users with no permissions) as a Watcher to new Tickets upon ticket creation, but when the ticket is finally created and I want to add more watchers afterwards, I can only select the users who are permitted to this project. Please see Screenshots.
Is there a way to fix this? Maybe there is also a plugin, which is capable of fixing this. I would even pay for it, to be honest.
Environment:
Redmine version 4.2.0.stable
Ruby version 2.7.2-p137 (2020-10-01) [x86_64-linux]
Rails version 5.2.5
Environment production
Database adapter Mysql2
Mailer queue ActiveJob::QueueAdapters::AsyncAdapter
Mailer delivery smtp
SCM:
Subversion 1.13.0
Git 2.25.1
Filesystem
Redmine plugins:
redmine_auditlog 0.0.5
redmine_ckeditor 1.2.3
redmine_extended_watchers 4.1.1
Files
Related issues
Updated by Tim G about 2 years ago
In other words, I would like to be able to add any of my 1000 users as watcher to this ticket and not just the 50 accounts who are permitted to it.
Updated by Holger Just about 2 years ago
- Related to Patch #33329: Improve watchers functionality to mark the users that are watching a non visible object and to not return watchers that cannot see the object added
Updated by Tim G about 2 years ago
holger mareck: Do you think the installation of the 3 patches will help?
BR,
Tim
Updated by Holger Just about 2 years ago
The three patches are part of Redmine already (since Redmine 4.2).
However, I believe that the patch 0002 from #33329 is the cause of your issue as it specifically filters out any users from the list of possible watchers who can not view the issue right now. Unfortunately, this defeats your use-case as only by adding the user as a watcher, they will be able to view it.
We (as in the folks of https://plan.io) are currently investigating this further. Once we have more info, we'll post it here.
Updated by Marius BĂLTEANU about 2 years ago
- Status changed from New to Needs feedback
Updated by Tim G about 2 years ago
holger mareck & Marius Ionescu: Thanks for the answers first of all. Sadly I need to tell you, that we have already upgraded to 4.2.3 and the problems are still there. Are there any files or Plugins which would fix it maybe?
Yes true, we're using the redmine_extended_watchers plugin, because we want to make sure that only watchers or assignees get access to certrain tickets. Furthermore we want to ensure that those people can edit the tickets.
BR,
Tim
Updated by Tim G about 2 years ago
holger mareck & Marius:
We have now solved the problem by commenting out the following 3 lines from the watchers_controller.rb
+ # if watchable_object.respond_to?(:visible?)
+ # users.reject! {|user| user.is_a?(User) && !watchable_object.visible?(user)}
+ # end
Ticket can be closed :)
BR,
Tim
Updated by Marius BĂLTEANU about 2 years ago
- Status changed from Needs feedback to Closed
- Resolution set to Invalid
Tim G wrote:
Ticket can be closed :)
BR,
Tim
Thanks!