Feature #6077

Only add public project data to activity feed

Added by David Raison almost 9 years ago. Updated almost 9 years ago.

Status:ClosedStart date:2010-08-08
Priority:NormalDue date:
Assignee:Mischa The Evil% Done:

0%

Category:Feeds
Target version:-
Resolution:Invalid

Description

There should be an option to only have the activity of public projects in the activity feed, i.e. at http://www.redmine.org/activity.atom?key=d6a6088ab1c624fba1d81e2b39d30a042941b71c

Having made the changes to app/controllers/projects_controller.rb as detailed in Defect #5317, information on all projects, even if not public, is available through the feed.

If possible, activity on non-public projects should only be made available to users with sufficient authorization, while the "public" feed should not contain that information.

History

#1 Updated by Felix Schäfer almost 9 years ago

Well, the key you provide authenticates you, if you put your key in there, you will get the activity for all the projects you are authorized to see. If I log off and get the atom feed without the key, I only see public projects, or to be more correct: I see everything that doesn't need authentication.

Long story short: can't reproduce, can you please give steps to reproduce? Do you have any plugins installed?

#2 Updated by David Raison almost 9 years ago

  • Status changed from New to Resolved

Felix Schäfer wrote:

Well, the key you provide authenticates you, if you put your key in there, you will get the activity for all the projects you are authorized to see. If I log off and get the atom feed without the key, I only see public projects, or to be more correct: I see everything that doesn't need authentication.

Oh, so that is what the key is for... o.O
Oops, typical pebkac error, sorry :D I have a habit of filing such stupid tickets.

#3 Updated by Felix Schäfer almost 9 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

Yes, all "machine-interfaces" (i.e. non-html) are accessible with keys (the Feeds key for the ATOM feeds, the API key for REST API) instead of login+password as the authentication in redmine is not http-simple but through a specialized page that creates a session.

Anyway, no harm done and thanks for reporting back :-)

#4 Updated by Felix Schäfer almost 9 years ago

(consequently, if the key you have pasted with the link is legit, you should go to "My page" and "reset" your RSS access key (right hand sidebar).)

#5 Updated by Mischa The Evil almost 9 years ago

  • Assignee set to Mischa The Evil

This should be documented in the Redmine Guide more obvious.

Also available in: Atom PDF