Redmine

AFAIK, your needs are fully met by defining roles specifically for every project: roles are give to project members for each project. And since each project can be defined public or private, there's no conflict between OSS and closed source project.
Maybe I'm missing one of your requirement?

A registered non-member user of the closed source project should be able to add issues for the project but not be able to view the source code of the project from the repository. However, this same member who is also a non-member of an open source project should be able to add an issue and view the source.

There is no option to set what a non-member can or cannot do for each individual project in Redmine. Yes, you can set it to public for all to view or private to hide it from all, but there's nothing you can do if you want something in between public and private and/or separate permissions between two projects.

Now I see you're need, but I've no opinion about this option: it removes from redmine administrator the ability to handle behavior of non-members users, giving out this responsability to project administrator... Could be a good thing, if every project admin are aware of their responsabilities, but I have great doubts about this...

I think it would be a great option to add especially if you had an on and off option in the administration section.

I'd like to see this feature as well.

I currently have two public projects one of which I don't want non-registered users viewing/browsing the Repository. I want users to have to register to view/browse the repository.

However, on the other public project I would like it so that non-registered users are free to view/browse the repository.

It is very important feature for me too.

I will be very happy if I see it in 0.8.1 version :)

Same here. We have OpenSource projects where Anonymous Users should be able to browse the repository and closed source projects where Anonymous shouldn't have access to the repository but the project is public too.

It would be enough if Anonymous and Non-Member Rights could be defined or overwritten per project.

+1 for this feature. At our company, we like to give contractors access to certain projects in Redmine (in which they are involved) but prevent them from access for our other projects. It would be a nice feature to configure project-level security, or mark a project as hidden to all users except those who are directly involved, or something like that.

+1

Are there any new developments here?

We want to start using redmine and love it so far but we also want to invite our clients to redmine in order to improve our workflow. Of course these clients must only be allowed to see projects, in which they are involved. Otherwise they can go into any project, view all tickets and even start creating tickets.
I think that's a major security problem, so in my opinion this is a very critical issue, isn't it?

pretty important feature, but will probably require a large refactoring :(

Okay, I'm blind and Jean-Philippe helped me see..

@Everyone who might have the same problem:
Just make your project private. To do so, uncheck the "Public" flag in your project settings. After that, only project members (and Redmine admins) will be able to view the project and its content.

Oliver Karstedt wrote:

Okay, I'm blind and Jean-Philippe helped me see..

@Everyone who might have the same problem:
Just make your project private. To do so, uncheck the "Public" flag in your project settings. After that, only project members (and Redmine admins) will be able to view the project and its content.

That is totally not what this ticket suggests. What if you have open source projects where you don't want your users to commit? Or, what if you have a project that needs bug reporting to the public level but you don't want your source to be out there?

Steven Lu wrote:

That is totally not what this ticket suggests. What if you have open source projects where you don't want your users to commit? Or, what if you have a project that needs bug reporting to the public level but you don't want your source to be out there?

And that's why I said "everyone who might have the same problem" as in "everyone who might have the same problem I had". It's totally not what solves this ticket but it totally solved my problem as explained above. And Craig G's problem, too btw. Just thought it would be helpful to others to post the answer to a question I asked. Sorry for causing inconvenience...

Oliver Karstedt wrote:

Okay, I'm blind and Jean-Philippe helped me see..

@Everyone who might have the same problem:
Just make your project private. To do so, uncheck the "Public" flag in your project settings. After that, only project members (and Redmine admins) will be able to view the project and its content.

Thanks for this. Yes, the problem was that even though I initially understood the Public attribute, and thought I unchecked it, it was still on and making projects public by default. After a second review of it and ensuring that it was not selected it is indeed working correctly now!

I wrote plugin which can help with this issue: http://projects.andriylesyuk.com/projects/role-shift