Project

General

Profile

Actions

Defect #9278

closed

Even without Permission "View Issues" or "View spent time " I can acces those pages...

Added by Stéphane Carré over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Permissions and roles
Target version:
-
Start date:
2011-09-19
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

In my Redmine configuration I have a "very poor" role without permission "View Issues" and "View spent time".
But when accessing projets page with a user having only this role I have the projects menu :

View all issues | Overall spent time | Overall activity

... and I can access those links when clicking.

Is there a bug or did I missunderstood something ?

Actions #1

Updated by Etienne Massip over 12 years ago

  • Category changed from Issues permissions to Permissions and roles
Actions #2

Updated by Mischa The Evil over 12 years ago

Stéphane Carré wrote:

In my Redmine configuration I have a "very poor" role without permission "View Issues" and "View spent time".
But when accessing projets page with a user having only this role I have the projects menu :

View all issues | Overall spent time | Overall activity

... and I can access those links when clicking.

Is there a bug or did I missunderstood something ?

This is not a defect actually. You won't see issues, spent-time entries or other activity from projects which are not public and where the specific user don't have permissions to according to his role for the project.

Those three views are always visible to any user but only the data the user has explicitly access to is actually displayed.

Actions #3

Updated by Stéphane Carré over 12 years ago

Ok, now I understand the utility of the public flag for a project !
But this time I don't understand the need for the 2 permissions "view issues" and "view spent time" if they are never used !

Actions #4

Updated by Mischa The Evil over 12 years ago

Stéphane Carré wrote:

But this time I don't understand the need for the 2 permissions "view issues" and "view spent time" if they are never used !

They are used actually. All the permissions are assignable to seperate roles in which project members can operate for each seperate (not-public) project.

Actions #5

Updated by Stéphane Carré over 12 years ago

  • Status changed from New to Resolved

Ok this is not a bug.
I understand that the menu buttons "View all issues", "Overall spent time", "Overall activity" are globals to all projects and that permissions "View Issues" and "View spent time" are relative to each project.
Sorry

Actions #6

Updated by Mischa The Evil over 12 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

Stéphane Carré wrote:

Ok this is not a bug.
[...] and that permissions "View Issues" and "View spent time" are relative to each project.

Not per definition. Both individual permissions can be/are granted to the system roles "Non member" and "Anonymous" also, thus (in an open Redmine-instance) effectively these permissions can work on a global (project-wide) level too.

Stéphane Carré wrote:

Sorry

No need to say sorry here IMHO. The permissions-system currently in use by Redmine is not very-well documented and has some drawbacks and caveats.

Actions

Also available in: Atom PDF