https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292015-01-18T04:24:47ZRedmineRedmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=609222015-01-18T04:24:47ZMischa The Evil
<ul><li><strong>Priority</strong> changed from <i>High</i> to <i>Normal</i></li></ul><p>My basic view on this is that the API implementation - <a class="changeset" title="REST API: custom fields definition (#11159)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/12165">r12165</a> for <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: REST API for getting CustomField definitions (Closed)" href="https://www.redmine.org/issues/11159">#11159</a> - just follows the same authorization level (user designated as an <code>administrator</code>) as is in use for its HTML counterpart. Global custom field listings are only available to <code>administrator</code> users via the <em>Administration -> Custom fields</em> menu.<br />Just to be sure: if you are trying to achieve <em>updates</em> for <em>issues</em> which are <em>using custom field values</em>, then see <a class="wiki-page" href="https://www.redmine.org/projects/redmine/wiki/Rest_Issues#Updating-an-issue">Rest_Issues#Updating-an-issue</a> and <a class="wiki-page" href="https://www.redmine.org/projects/redmine/wiki/Rest_api#Working-with-custom-fields">Rest_api#Working-with-custom-fields</a>.</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=660612015-09-16T14:35:56ZIeuan Jenkins
<ul></ul><p>I can see the logic behind permitting the same access level to the API implementation of the Custom Fields page as to the standard web view, but practically speaking it doesn't really work.</p>
<p>As an API user how am I supposed to know what a valid value is?</p>
<p>If we agree it's bad practice to permit RO access for non-admin users to the <a class="external" href="http://redmine.org/custom_fields.json">http://redmine.org/custom_fields.json</a> page, what about adding an <code>include</code> parameter option of <code>custom_field_details</code>, e.g. <code>http://www.redmine.org/issues/18875.json?include=custom_field_details</code>. This could return a XML/JSON representation of the custom fields valid for that project/issue combination?</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=673982015-11-19T16:21:24ZLoic Dachary
<ul></ul><p>It is very inconvenient to not be able to list the custom fields. When creating an issue, the id of the custom field is required to set the value and there is no other way to get it. So +1 on fixing this :-)</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=675792015-11-29T01:23:21ZJustin Hill
<ul></ul><p>+1 on fixing this! I'm building an iOS client for Redmine and it's currently just not possible to retrieve the possible values for a custom field, which makes it impossible to implement a fully-featured issue composer.</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=679422015-12-15T06:19:26ZJustin Hill
<ul></ul><p>Hmm, another thought on the implementation of this fix. Each tracker can have its own composition of custom fields, so while it would be somewhat helpful to have the possible values, we would also need to know which trackers use each field in order to allow a user to construct a valid edit.</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=715852016-06-16T01:47:08Zume sanumesan@gomibako.com
<ul></ul><p>+1<br />like 'Issue Statuses', 'Trackers'.</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=783992017-05-06T14:28:11ZToshi MARUYAMA
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/25542">Feature #25542</a>: Custom Fields available over the API</i> added</li></ul> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=883782018-11-14T16:03:34Zume sanumesan@gomibako.com
<ul><li><strong>File</strong> <a href="/attachments/21807">project_api_include_issue_custom_fields.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/21807/project_api_include_issue_custom_fields.patch">project_api_include_issue_custom_fields.patch</a> added</li></ul><p>I have created a patch for only 'Issue custom fields' of the project.</p>
<p>[syntax]<br />GET /projects/[id].xml?include=issue_custom_fields</p>
<p>Added Parameter issue_custom_fields to 'Showing a project' (GET /projects/[id].xml).</p>
<p>I would like to get your feedback.</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=884152018-11-17T10:15:10ZYuuki NARA
<ul></ul><p>+1 for <a href="#note-8">#note-8</a> and <a href="#note-2">#note-2</a> proposal</p>
<p>I agree that the items that can be referred to only by the setting screen of administrator should not be displayed other than administrator.</p>
<p>However, what kind of problems will occur if you allow reference to custom field items beyond administrator?</p>
<p>It is necessary to think about whether the current access authority and the screen composition specification are appropriate.</p>
<p>For the tracker's required custom field currently selected in the project and the selected custom field,<br />It is a practical countermeasure to make it possible for project members to refer to possible values.</p>
<p>Sorry, the following is Japanese.</p>
<p>administratorの設定画面のみで参照できる項目を、administrator以外に表示すべきで無いことについては合意する。</p>
<p>しかし、administrator以外にカスタムフィールド項目の参照を許可した場合、どのような問題が発生するのだろうか。<br />現在のアクセス権限と画面構成の仕様が適切であるかは、考えてみる必要があるのではないか。</p>
<p>プロジェクトで現在選択されているトラッカーの必須カスタムフィールド、及び選択されたカスタムフィールドに対して、<br />取り得る値をプロジェクトメンバーが参照可能とすることは、現実的な対応策と思う。</p> Redmine - Defect #18875: [Rest API][custom field]Why "GET /custom_fields.xml" required the System manager's privilege?https://www.redmine.org/issues/18875?journal_id=1032122021-07-13T06:13:42ZLoic Dachary
<ul></ul><p>I know I already commented on this one five years ago but here it is again, as I ran into this it today :-)</p>