Project

General

Profile

Actions
Copy link

Defect #42100

closed

If new user is not attached to any project, he can see all users via URL simply typing numbers https://redmine.org/users/50

Added by Anvar Odilov 7 days ago. Updated 7 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Duplicate
Affected version:
5.0.10

Description

If new user is not attached to any project, he can see all users via URL simply typing numbers after /users/{number}
for example: https://redmine.org/users/50
In order to prevent this, user must be attached to some project with some role, otherwise, he can see list of all users.

Related issues

Is duplicate of Redmine - Feature #38853: Changes user visibility from "all" to "member of visible projects" for new roles and existing builtin rolesClosedMarius BÄ‚LTEANU

Actions
Actions
Copy link

Also available in: Atom PDF