Feature #3187

"View Issues" user permission

Added by Rob Felix over 8 years ago. Updated almost 8 years ago.

Status:ClosedStart date:2009-04-16
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Issues permissions
Target version:0.9.0
Resolution:Fixed

Description

Please add a "View Issues" user permission.

view_own_issues.patch Magnifier - Patch to add the view_own_issue permission (11.3 KB) Gilles Pietri, 2009-05-20 14:25

view_own_issues.patch Magnifier - Correct patch file.. (4.91 KB) Gilles Pietri, 2009-05-20 14:32

added_checks.patch Magnifier - Some added changes in helpers/application_helper.rb textilizable (2.23 KB) Thomas Pihl, 2009-05-21 23:19


Related issues

Related to Redmine - Feature #3384: issue permissions Closed 2009-05-18
Duplicated by Redmine - Defect #3404: Rendered link r+revision-no reveal to much in mouse-over ... Closed 2009-05-21

Associated revisions

Revision 3039
Added by Jean-Philippe Lang about 8 years ago

Add view_issues permission (#3187).
A migration adds this permission to all existing roles to preserve current behaviour.
This permission controls access to issues, roadmap and changelog.

Revision 3043
Added by Jean-Philippe Lang about 8 years ago

Don't reveal issue subjects if user is only allowed to view spent time (#3187).

History

#1 Updated by Markus Knittig over 8 years ago

There is such a permission, it's just hardcoded as public. Remove , :public => true in lib/redmine.rb to make it visible...

#2 Updated by Jean-Philippe Lang over 8 years ago

  • Category changed from Administration to Issues permissions
  • Target version set to 0.9.0

#3 Updated by Jim Keller over 8 years ago

a 'View Own Issues' (e.g. issues assigned to you) permission might be useful as well. We have some roles where ideally they wouldn't be able to see any part of the project they're not involved in. Right now we're just setting up sub-projects to account for this situation, which is a reasonable alternative.

#4 Updated by Gilles Pietri over 8 years ago

I'm working on this remotely, as there are numerous place where the view_issues permission doesn't seem enforced, and I need a given kind of user ("dumb mode") to view only issue they submit, and nothing else.. So I did quite some hacks, anybody interested in trying that out?

I will also issue a patch so as to start something at least... Since I'm quite new to redmine, and not that experienced with Rails, I'm sure knowledgeable people might review that efficiently :)

#5 Updated by Thomas Pihl over 8 years ago

Yes, i am interested in trying it out (and helping in any way i can). This is a very much needed feature for us.

/T

#6 Updated by Gilles Pietri over 8 years ago

OK, I finally did that, and diff'ed against SVN..

This adds a view_own_issue permission, and unset the public attribute for view_issues.
I modified the view & controller accordingly to take that into account. I also had to modify the query model, to take that into account.

I really have no experience with redmine, and only a light ruby background, so please feel free to suggest more elegant ways to do this. Especially, I'm not sure about how nice the permission attributes (lib/redmine.rb) should be set if cleaner that what I defined them too...

Enjoy ;)

#7 Updated by Gilles Pietri over 8 years ago

Gilles Pietri wrote:

OK, I finally did that, and diff'ed against SVN..

OK, this is not the patch I intended to publish (diff between my 0.8.3 install and svn in case you wonder..). This is the good one.

#8 Updated by Thomas Pihl over 8 years ago

Seems to work very well. I like it!

Perhaps one addition? When someone put you as watcher you should be able to see the issue? But then again, that might be a security issue.

/T

#9 Updated by Thomas Pihl over 8 years ago

AND...

perhaps also if you have the issue assigned to you.

#10 Updated by Thomas Pihl over 8 years ago

Found a small snag.

If a link to issues you're not allowed to view is rendered on wiki or repository, you're able to see Subject and Status on the mouse-over tooltip.

#11 Updated by Thomas Pihl over 8 years ago

Added a patch for those checks. Check it out and modify to fit

#12 Updated by Gilles Pietri over 8 years ago

Thomas Pihl wrote:

Seems to work very well. I like it!

Perhaps one addition? When someone put you as watcher you should be able to see the issue? But then again, that might be a security issue.

/T

Well it makes sense you should also see the one you're set to watch, gonna look into that.. Could anyone more "redmine-familiar" review that by the way?

Regards

#13 Updated by Jens Goldhammer over 8 years ago

+1

#14 Updated by Dmitry Shkolnikov over 8 years ago

+1

#15 Updated by Gilles Pietri about 8 years ago

Hmm, I was considering an upgrade to 0.8.5 and tests on 0.9, then I found #337

#16 Updated by Thomas Pihl about 8 years ago

This is NOT the same thing as #337.

Private issue means that a group (like support) could hide some issue from all others. #3187 means that each user only see their own reported/assigned issues. Both features are needed and they are not the same.

#17 Updated by Pablo 09 about 8 years ago

I have tried on 0.8.5.devel.2902 and it donĀ“t run.

Mysql::Error: You have an error in your SQL syntax;

#18 Updated by Marcel Evenson about 8 years ago

+1 for #3187 and #337. We've been waiting patiently for both of these to work their way into trunk .. but still no go. #337 was opened over 2 years ago with many many patches submitted and this was opened over 5 months ago.. still nothing .. I think this is a prime example were open source fails :(

#19 Updated by Jose Luna about 8 years ago

Marcel Evenson wrote:

I think this is a prime example were open source fails :(

I think you mean "this is a prime example where open source is imperfect". If redmine had 'failed', then you wouldn't be using it. Clearly, when you considered all factors, redmine was the superior choice for your project management needs. Otherwise, you would have chosen a different software (there are plenty of commercial alternatives).

This may surprise you, but commercial software has the exact same problem delivering features that customers request. Not everyone needs this feature, and it's very hard to manage all of the requested features while keeping a coherent roadmap for the future and a clean codebase.

#20 Updated by Thomas Pihl about 8 years ago

Marcel Evenson wrote:

+1 for #3187 and #337. We've been waiting patiently for both of these to work their way into trunk .. but still no go. #337 was opened over 2 years ago with many many patches submitted and this was opened over 5 months ago.. still nothing .. I think this is a prime example were open source fails :(

I'd like to disagree.

This is very much working open-source. There are a patch to implement already for #3187. If you cannot make it work, you can always hire someone to do it for you. It will still be better quality and cheaper than closed source, hands down. Both #337 and #3187 has been selected for 0.9 (work SOME ELSE is doing for us all). If they make it, it will be all good. If not, we can always patch by ourself (or by hired help). Let's all chip in with out +1 and offers to help coding (if we can) or testing (if we can't).

Just my 0.02 SEK (a very very cheap currency)

#21 Updated by Jean-Philippe Lang about 8 years ago

  • Status changed from New to Closed
  • Resolution set to Fixed

View issues permission added in r3039.
Thanks to Jose and Thomas :-)

#22 Updated by Patrick Hurrelmann about 8 years ago

Jean-Philippe Lang wrote:

View issues permission added in r3039.
Thanks to Jose and Thomas :-)

Whooohoo! Thank you very much Jean-Philippe :)
Now I'm only waiting for Eric with his implemenatation of #465
and 0.9 will rock (much more than it already does)! :D

#23 Updated by Ho Nguyen almost 8 years ago

Hi, I updated to the latest in trunk. Got the "View Issues" permission but its behaviour seemed not correct. When uncheck "View Issues" for a role, so user assigned to that role not able to see any issue, including his own issue. I thought this feature is allow user to see only his own issues, is that correct?

#24 Updated by Stanislav German-Evtushenko almost 8 years ago

  • Status changed from Closed to Reopened

Ho Nguyen wrote:

Hi, I updated to the latest in trunk. Got the "View Issues" permission but its behaviour seemed not correct. When uncheck "View Issues" for a role, so user assigned to that role not able to see any issue, including his own issue. I thought this feature is allow user to see only his own issues, is that correct?

Same for me

#25 Updated by Jean-Philippe Lang almost 8 years ago

  • Status changed from Reopened to Closed

Please re-read the initial request, and see #2653.

#26 Updated by Stanislav German-Evtushenko almost 8 years ago

Gilles Pietri wrote:

Hmm, I was considering an upgrade to 0.8.5 and tests on 0.9, then I found #337

Gilles, please pay attention on #2653

#27 Updated by Stanislav German-Evtushenko almost 8 years ago

Jean-Philippe Lang wrote:

Please re-read the initial request, and see #2653.

Hello Jean-Philippe,
Ok, I got about this feature.
There is one small bug here too. I can't see tasks in activity of head project (right behaviour), but I can see it in childs (wrong).

#28 Updated by Gilles Pietri almost 8 years ago

Yeah, I didn't find the other one at first, and this is not the same thing. #2653 will however fit my use case, so I'll give it a shot.. but it's roughly the same idea as of what my patch was intended to do. Leaving this issue alone for now ;)

#29 Updated by Ho Nguyen almost 8 years ago

Gilles Pietri wrote:

Yeah, I didn't find the other one at first, and this is not the same thing. #2653 will however fit my use case, so I'll give it a shot.. but it's roughly the same idea as of what my patch was intended to do. Leaving this issue alone for now ;)

Gilles, waiting for your patch to #2653, I tried your patch in this issue for trunk but not successful ...

#30 Updated by Ho Nguyen almost 8 years ago

Gilles Pietri wrote:

Yeah, I didn't find the other one at first, and this is not the same thing. #2653 will however fit my use case, so I'll give it a shot.. but it's roughly the same idea as of what my patch was intended to do. Leaving this issue alone for now ;)

Hi Gilles ... I have applied your patch to the trunk ant it worked perfectly for my case (don't allow customer to see internal issues). However, there is one side affect regarding the attachment. My customer cannot download the attachment if I set "view-own-issue" but got the 403 error "You are not authorized to access this page". Have you got the same issue?

#31 Updated by Go MAEDA over 2 years ago

  • Duplicated by Defect #3404: Rendered link r+revision-no reveal to much in mouse-over tooltip added

Also available in: Atom PDF