Board permissions

Added by Anonymous almost 10 years ago

Hey,

I have a problem, possibly a bug, but I wanted to check first. If I create a user and put it in a group that has also Checkboxes removed for board permissions, he can still see and post on the forums - is boards and forums not the same? Am I doing something wrong or is there a bug?

Version is Redmine 0.9.0.devel. I searched this side, but there did not seem to be anything about this.

Ole

Replies (10)

RE: Board permissions - Added by Anonymous almost 10 years ago

I just updated to 0.9.2.devel, but the problem persists.

RE: Board permissions - Added by Felix Schäfer almost 10 years ago

  1. Is the user an administrator? Administrators have every right.
  2. Does the user have other roles in the project? Roles are cumulative, i.e. if one of the roles the user has has rights to post on the board, the user will have this right.
  3. I think you might also need to take the board posting permission from Anonymous and/or Logged-in user, as it may trickle up to members of a project (not sure about that though).

RE: Board permissions - Added by Anonymous almost 10 years ago

The user is not an administrator, the user has only this one role, and both anonymous and non-members have no rights on the board. However I found out that none of the 6 checkboxes in the boards category says anything about viewing, so they are all about editing, deleting, managing. Thus it might be expected that everyone can always see the board. I double checked, the user cannot post on the forum - so I must have overlooked that last time.

So it looks as if that was not a bug, but I would still like to be able to turn viewing off, too. I use the forum as a communication platform for the developers, but I want certain users to be able to see and download on the file section but not read our internal communication. So should I post a feature request in the issue tracker here or what is the way to go? I might also be able to implement that myself and I guess nobody would object to having one more checkbox there that is checked by default but can be unchecked to prevent the user from viewing the forums...

RE: Board permissions - Added by Anonymous almost 10 years ago

I looked into the source code a bit and found these two lines that seem to be related to my issue (my Ruby skills are rather superficial):

board.rb, lines 30-32

  def visible?(user=User.current)
    !user.nil? && user.allowed_to?(:view_messages, project)
  end

redmine.rb, line 111:

    map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true

If I understand this correctly, the boards can only be viewed if the user has the permission :view_messages. Does the :public => true mean that every user has this permission?

RE: Board permissions - Added by Felix Schäfer almost 10 years ago

I think if you remove the , :public => true part, you should get a checkbox on the permissions page, but I'd rather recommend filing a ticket, everything needed is pretty much there but "the checkbox", and I think it should be quite straightforward to get into the repository and should thus be there rather sooner than later.

RE: Board permissions - Added by Anonymous almost 10 years ago

Yes, that works for me. What is the rational behind the public, to allow to have permissions that everyone always has?

RE: Board permissions - Added by Felix Schäfer almost 10 years ago

The :public => true gives the corresponding permission to everyone, correct.

RE: Board permissions - Added by Benjamin Baroukh over 8 years ago

Why is this permission granted by default??? Any plan of changing this in the trunk? If not, why?

RE: Board permissions - Added by arthur me over 8 years ago

I need solution which allows some messages (forum/board posts) to be private. Permission to these messages needs to be assignable to a role and is project specific. When a user is browsing through the forums, they should only see messages that they have access to and the counts of topics, messages, and replies should reflect the number of messages that they have access to. For my initial needs, this is simply a flag on a message- private or not. The access rules could be quite a bit more complicated, but to get something rolling I did it this way, cribbing some ideas from the private issues patch (#337). Also this does not cover making specific boards private- only messages inside of boards.

I'm not sure if my approach here is right. I'm also completely new to ruby so I'm confident that my coding style and understanding of redmine needs help. I'm also not sure that this is a desirable feature for other folks, but if it is I'm glad to keep working on it to make it more functional

private_messages.patch Magnifier - Private messages (12.8 KB)

RE: Board permissions - Added by arthur me over 8 years ago

Code development going on over at #7555

(1-10/10)