Defect #22120

Issues are visible in Issue List but not in Issue Detail

Added by Jonathan Vargas almost 2 years ago. Updated over 1 year ago.

Status:Needs feedbackStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Permissions and roles
Target version:-
Resolution: Affected version:3.1.1

Description

Hey,

I found that there is an inconsistency in the authorization to see issues.

I use Redmine as a Project Management Tool for 4 years, and now I am setting up a new project for providing support too.

On this support project, I expect anyone can create requests and see the requests they created or that are assigned to him only, not the other guys support requests.

I configured the project as "Public", created a "Casual Customer" role with Issues Visibility set to "Issues created by or assigned to the user". I assigned this role to the "Non-members" users of this project, in the project's Members configuration tab.

After doing this, the non-members users are allowed to see each other issues in the Activity and Issues tabs, however when clicking on one of these unallowed issues to see its detail, a 403 error is triggered.

Here is a video of the situation:

https://youtu.be/7aHFglhjIKo

I already disabled all other plugins and restarted. Also, I am attaching a screenshot of my Redmine information page.

Selection_140.png (51 KB) Jonathan Vargas, 2016-03-01 14:37


Related issues

Related to Redmine - Defect #24915: Activity shows issues and text of issues which should not Needs feedback

History

#1 Updated by Toshi MARUYAMA almost 2 years ago

  • Status changed from New to Needs feedback

I cannot reproduce on 3.1.3.
I think your "Non member" and "Anonymous" roles have "View issues" permission.

#2 Updated by Jonathan Vargas over 1 year ago

Yes, they have that permission enabled. If I disable it, they won't see any issue, including those ones created by or assigned to themselves.

Is that the expected behaviour?

How can I effectively hide the issues in the listings (Issue List & Activity panels), and only allow these users to see issues created by or assigned to them?

#3 Updated by Toshi MARUYAMA over 1 year ago

I still cannot reproduce.

#4 Updated by Toshi MARUYAMA 11 months ago

  • Related to Defect #24915: Activity shows issues and text of issues which should not added

Also available in: Atom PDF