Project

General

Profile

No permission to acces issue, created by the same person

Added by Armin Raygu over 9 years ago

Hey Guys,

I got a problem that I cannot solve. This Article helped me to automate the issue creating also creating a new user if its not already registered via E-Mail, usind this command:

rake -f /home/redmine/redmine/Rakefile redmine:email:receive_imap RAILS_ENV="production" host=example.com username=example@example.com password=password move_on_success=Read move_on_failure=Fail project=New-Tickets unknown_user=create no_permission_check=1

Problem:
The user who created the issue is not able to watch his issue. If i log in with the new created user there is no Ticket shown. Then im tried to manually type the url getting the 403 error saying im not allowed to access the site.
I already tried to give the Non Member every rights he could get at "Administration -> Roles and Rights" and it still doesnt work. At the end I gave the Non Member group Administration rights an it worked.
Obviously its a permission error, but as I described I allowed the "Non Member" group to do everything.
Do u guys may know what the problem is?

Environment:
Linux Dist Debian 7.6
Redmine version 2.5.2.stable
Ruby version 1.9.3-p327 (2012-11-10) [x86_64-linux]
Rails version 3.2.19
Environment production
Database adapter Mysql2


Replies (3)

RE: No permission to acces issue, created by the same person - Added by Armin Raygu over 9 years ago

I solved the problem.
Somehow the "Non Member" rights doesn't work. I had to put every user who is automatically created in a project and give him a role.
I still don't know why this doesnt work, if the user isn't in a group.

RE: No permission to acces issue, created by the same person - Added by Mischa The Evil over 9 years ago

In your case the project New-Tickets is most-likely not public. The issues are being created (because non-member role has :add_issues permission) and because you use no_permission_check=1 (see #4407). This is separated from project visibility, which deals with whether or not the created user, by using unknown_user=create (see r2789), has access to private projects resources (irrespective to the user is the author of any content or not).
Users who are not members of non-public projects and as such have the virtual system-wide non-member role only, can't view anything of these projects resources (see RedmineRoles). The user must have an explicit project membership role to see (anything of an) non-public project.
In Redmine 2.6.0 issue #17976 is implemented, which seems to be able (haven't tested this personally yet) to solve your issue if you add the build-in non-member group with a valid role as project member of project New-Tickets.

Edit by Mischa The Evil to add new information:

Actually, another solution seems to be available already starting with Redmine 2.3.0, which solved issue #13340. With that available you could place all the user accounts, generated by the mail handler, in one or more groups by default. As such, such group(s) can be added with a valid role as a project member of project New-Tickets.

    (1-3/3)