Feature #6077

Only add public project data to activity feed

Added by David Raison about 9 years ago. Updated about 9 years ago.

Status:ClosedStart date:2010-08-08
Priority:NormalDue date:
Assignee:Mischa The Evil% Done:

0%

Category:Feeds
Target version:-
Resolution:Invalid

Description

There should be an option to only have the activity of public projects in the activity feed, i.e. at http://www.redmine.org/activity.atom?key=d6a6088ab1c624fba1d81e2b39d30a042941b71c

Having made the changes to app/controllers/projects_controller.rb as detailed in Defect #5317, information on all projects, even if not public, is available through the feed.

If possible, activity on non-public projects should only be made available to users with sufficient authorization, while the "public" feed should not contain that information.

History

#1 Updated by Felix Schäfer about 9 years ago

Well, the key you provide authenticates you, if you put your key in there, you will get the activity for all the projects you are authorized to see. If I log off and get the atom feed without the key, I only see public projects, or to be more correct: I see everything that doesn't need authentication.

Long story short: can't reproduce, can you please give steps to reproduce? Do you have any plugins installed?

#2 Updated by David Raison about 9 years ago

  • Status changed from New to Resolved

Felix Schäfer wrote:

Well, the key you provide authenticates you, if you put your key in there, you will get the activity for all the projects you are authorized to see. If I log off and get the atom feed without the key, I only see public projects, or to be more correct: I see everything that doesn't need authentication.

Oh, so that is what the key is for... o.O
Oops, typical pebkac error, sorry :D I have a habit of filing such stupid tickets.

#3 Updated by Felix Schäfer about 9 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

Yes, all "machine-interfaces" (i.e. non-html) are accessible with keys (the Feeds key for the ATOM feeds, the API key for REST API) instead of login+password as the authentication in redmine is not http-simple but through a specialized page that creates a session.

Anyway, no harm done and thanks for reporting back :-)

#4 Updated by Felix Schäfer about 9 years ago

(consequently, if the key you have pasted with the link is legit, you should go to "My page" and "reset" your RSS access key (right hand sidebar).)

#5 Updated by Mischa The Evil about 9 years ago

  • Assignee set to Mischa The Evil

This should be documented in the Redmine Guide more obvious.

Also available in: Atom PDF