Defect #9278
closedEven without Permission "View Issues" or "View spent time " I can acces those pages...
0%
Description
In my Redmine configuration I have a "very poor" role without permission "View Issues" and "View spent time".
But when accessing projets page with a user having only this role I have the projects menu :
View all issues | Overall spent time | Overall activity
... and I can access those links when clicking.
Is there a bug or did I missunderstood something ?
Updated by Etienne Massip over 13 years ago
- Category changed from Issues permissions to Permissions and roles
Updated by Mischa The Evil over 13 years ago
Stéphane Carré wrote:
In my Redmine configuration I have a "very poor" role without permission "View Issues" and "View spent time".
But when accessing projets page with a user having only this role I have the projects menu :View all issues | Overall spent time | Overall activity
... and I can access those links when clicking.
Is there a bug or did I missunderstood something ?
This is not a defect actually. You won't see issues, spent-time entries or other activity from projects which are not public and where the specific user don't have permissions to according to his role for the project.
Those three views are always visible to any user but only the data the user has explicitly access to is actually displayed.
Updated by Stéphane Carré over 13 years ago
Ok, now I understand the utility of the public flag for a project !
But this time I don't understand the need for the 2 permissions "view issues" and "view spent time" if they are never used !
Updated by Mischa The Evil over 13 years ago
Stéphane Carré wrote:
But this time I don't understand the need for the 2 permissions "view issues" and "view spent time" if they are never used !
They are used actually. All the permissions are assignable to seperate roles in which project members can operate for each seperate (not-public) project.
Updated by Stéphane Carré over 13 years ago
- Status changed from New to Resolved
Ok this is not a bug.
I understand that the menu buttons "View all issues", "Overall spent time", "Overall activity" are globals to all projects and that permissions "View Issues" and "View spent time" are relative to each project.
Sorry
Updated by Mischa The Evil over 13 years ago
- Status changed from Resolved to Closed
- Resolution set to Invalid
Stéphane Carré wrote:
Ok this is not a bug.
[...] and that permissions "View Issues" and "View spent time" are relative to each project.
Not per definition. Both individual permissions can be/are granted to the system roles "Non member" and "Anonymous" also, thus (in an open Redmine-instance) effectively these permissions can work on a global (project-wide) level too.
Stéphane Carré wrote:
Sorry
No need to say sorry here IMHO. The permissions-system currently in use by Redmine is not very-well documented and has some drawbacks and caveats.