Feature #9029

Disable public project creation on a role basis

Added by Jérôme BATAILLE about 10 years ago. Updated 6 months ago.

Status:NewStart date:2011-08-10
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

70%

Category:Project settings
Target version:-
Resolution:

Description

This feature implies to :
- Add a new role permission "Add public projects"
- Hide / show the public checkbox in the create / edit project page.

feature_9029_public_project_creation_role_permission.diff Magnifier (2.91 KB) Jérôme BATAILLE, 2011-08-12 12:34

feature_9029_public_project_creation_role_permission_V1.1.diff Magnifier (2.9 KB) Jérôme BATAILLE, 2011-08-16 12:13

feature_9029_public_project_creation_role_permission_V1_.2.diff Magnifier (2.9 KB) Jérôme BATAILLE, 2011-08-16 15:02

public-project-permission-9029.patch Magnifier (7.66 KB) Kevin Fischer, 2021-02-13 08:13


Related issues

Duplicated by Redmine - Feature #6913: An option to prevent making projects public Closed 2010-11-16

History

#1 Updated by Jérôme BATAILLE about 10 years ago

Our company needs this feature.
We are developing this feature and we will propose a patch very soon.
Hope this feature will please some users :-)

#2 Updated by Jérôme BATAILLE about 10 years ago

Here is the patch with FR and EN translations.
Not testing included.

#3 Updated by Jérôme BATAILLE about 10 years ago

  • Assignee changed from Jean-Philippe Lang to Jérôme BATAILLE

#4 Updated by Jérôme BATAILLE about 10 years ago

  • Assignee changed from Jérôme BATAILLE to Jean-Philippe Lang
  • % Done changed from 0 to 70

#5 Updated by Jérôme BATAILLE about 10 years ago

A fix has been added about the permission determination.

#7 Updated by Jérôme BATAILLE about 10 years ago

The patch works with Redmine V1.2.1

#8 Updated by Jean-Philippe Lang over 9 years ago

  • Subject changed from Disable public project creation on a rôle basis to Disable public project creation on a role basis

This patch only hides the checkbox but does not check for permission when submitting the form.

#9 Updated by Go MAEDA over 4 years ago

  • Duplicated by Feature #6913: An option to prevent making projects public added

#10 Updated by Kevin Fischer 7 months ago

Mizuki Ishikawa, Mitsuyoshi Kawabata and me made another patch to solve this issue.

We added a new permission called "Publish Project" which allows (un)publishing a project.
When you don't have that permission we just show the current state of the project as a label.

We could not find a proper CSS class for just displaying a label inside the setting tab, so we just wrote the style directly in the style attribute for now. If anyone has a better suggestion please tell us.

We added unit tests and a migration which will give the "Publish Project" permission to all Roles that had the "Add Project" or "Edit Project" permission until now to preserve the permissions of existing users.

#11 Updated by Mizuki ISHIKAWA 7 months ago

When allowing users to manage projects, system administrators need to worry about projects that should be private are not public.
Unintended disclosure of information can lead to major information leaks.

By adding this permission, only some trusted users can publish the project.
It will reassure many system administrators.

#12 Updated by Go MAEDA 6 months ago

I am not a big fan of adding new permission in the project setting.

I personally do not think there is much necessity of this feature for the following reasons:

  • As long as admin enables "Login required", the project will never become world-accessible
  • It complicates permission management. Two permissions "Edit project" and "Publish project" are required to change the project's "public" setting

#13 Updated by Mizuki ISHIKAWA 6 months ago

Go MAEDA wrote:

I am not a big fan of adding new permission in the project setting.

I personally do not think there is much necessity of this feature for the following reasons:

  • As long as admin enables "Login required", the project will never become world-accessible

I think there may be projects that have information that should not be shown to unauthorized users even if they are logged in (in some cases, employees of other companies are invited to Redmine).
I think we need a feature that restricts the project from being published by general users.

  • It complicates permission management. Two permissions "Edit project" and "Publish project" are required to change the project's "public" setting

How about adding a setting that "allows general users to publish the project" instead of permissions?
If this setting is turned off, only the administrator can publish the project.

Also available in: Atom PDF