Index: app/controllers/reports_controller.rb
===================================================================
--- app/controllers/reports_controller.rb	(revision 20982)
+++ app/controllers/reports_controller.rb	(working copy)
@@ -27,8 +27,12 @@
     @versions = @project.shared_versions.sorted
     @priorities = IssuePriority.all.reverse
     @categories = @project.issue_categories
-    @assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sorted
-    @authors = @project.users.sorted
+## begin patch private role
+    #@assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users).sorted
+    @assignees = (Setting.issue_group_assignment? ? @project.principals : @project.users.visible).sorted
+    #@authors = @project.users.sorted
+    @authors = @project.users.visible.sorted
+## end patch private role
     @subprojects = @project.descendants.visible
     @issues_by_tracker = Issue.by_tracker(@project, with_subprojects)
     @issues_by_version = Issue.by_version(@project, with_subprojects)
@@ -66,12 +70,18 @@
       @report_title = l(:field_category)
     when "assigned_to"
       @field = "assigned_to_id"
-      @rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).sorted
+## begin patch private role
+      #@rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).sorted
+      @rows = (Setting.issue_group_assignment? ? @project.principals : @project.users).visible.sorted
+## end patch private role
       @data = Issue.by_assigned_to(@project, with_subprojects)
       @report_title = l(:field_assigned_to)
     when "author"
       @field = "author_id"
-      @rows = @project.users.sorted
+## begin patch private role
+      #@rows = @project.users.sorted
+      @rows = @project.users.visible.sorted
+## end patch private role
       @data = Issue.by_author(@project, with_subprojects)
       @report_title = l(:field_author)
     when "subproject"
Index: app/controllers/users_controller.rb
===================================================================
--- app/controllers/users_controller.rb	(revision 20982)
+++ app/controllers/users_controller.rb	(working copy)
@@ -73,7 +73,10 @@
 
   def show
     unless @user.visible?
-      render_404
+## begin patch private role (revert revision 13584 - if user with private role (or non-member?) acts on issue, user should be visible)
+      #render_404
+      render_403
+## end patch private role
       return
     end
 
Index: app/models/principal.rb
===================================================================
--- app/models/principal.rb	(revision 20982)
+++ app/models/principal.rb	(working copy)
@@ -59,7 +59,14 @@
       else
         # self and members of visible projects
         active.where(
-          "#{table_name}.id = ? OR #{table_name}.id IN (SELECT user_id FROM #{Member.table_name} WHERE project_id IN (?))",
+## begin patch private role
+        #"#{table_name}.id = ? OR #{table_name}.id IN (SELECT user_id FROM #{Member.table_name} WHERE project_id IN (?))",
+        "#{table_name}.id = ? OR #{table_name}.id IN (" +
+          "SELECT m.user_id FROM #{Member.table_name} m" +
+          " INNER JOIN #{MemberRole.table_name} mr ON m.id = mr.member_id" +
+          " INNER JOIN #{Role.table_name} r ON mr.role_id = r.id" +
+          " WHERE m.project_id IN (?) AND r.name NOT LIKE 'private.%')",
+## end patch private role
           user.id, user.visible_project_ids
         )
       end
Index: app/models/project.rb
===================================================================
--- app/models/project.rb	(revision 20982)
+++ app/models/project.rb	(working copy)
@@ -549,7 +549,10 @@
   # Returns a hash of project users/groups grouped by role
   def principals_by_role
     memberships.includes(:principal, :roles).inject({}) do |h, m|
-      m.roles.each do |r|
+## begin patch private role
+      #m.roles.each do |r|
+      m.roles.non_private.each do |r|
+## end patch private role      
         h[r] ||= []
         h[r] << m.principal
       end
@@ -599,6 +602,9 @@
 
     scope = Principal.
       active.
+## begin patch private role
+      visible.
+## end patch private role
       joins(:members => :roles).
       where(:type => types, :members => {:project_id => id}, :roles => {:assignable => true}).
       distinct.
Index: app/models/role.rb
===================================================================
--- app/models/role.rb	(revision 20982)
+++ app/models/role.rb	(working copy)
@@ -54,7 +54,23 @@
   ]
 
   scope :sorted, lambda {order(:builtin, :position)}
-  scope :givable, lambda {order(:position).where(:builtin => 0)}
+## begin patch private role
+  #scope :givable, lambda {order(:position).where(:builtin => 0)}
+  scope :givable, lambda {
+    if User.current.admin?
+      order(:position).where(:builtin => 0)
+    else
+      order(:position).non_private.where(:builtin => 0)
+    end
+  }
+  scope :non_private, lambda { 
+    if User.current.admin?
+      all
+    else
+      all.where("#{table_name}.name NOT LIKE 'private.%'")
+    end
+  }
+## end patch private role
   scope :builtin, (lambda do |*args|
     compare = (args.first == true ? 'not' : '')
     where("#{compare} builtin = 0")