Feature #1543

Setting permissions for viewing the Activity page.

Added by José Campos almost 9 years ago. Updated 7 months ago.

Status:NewStart date:2008-06-28
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Permissions and roles
Target version:Candidate for next major release
Resolution:

Description

There should be a permission option for granting or denying access to the Activity page. Note: for user that don't have access to logtime, it's even more relevant, since they can infer the time spent in each issue and have a notion of the work being done by the developers.

locales_en.patch Magnifier (1.03 KB) Michael Esemplare, 2013-01-30 06:40

redmine.rb.patch Magnifier (770 Bytes) Michael Esemplare, 2013-01-30 06:40

default_data_loader.patch Magnifier (2.51 KB) Michael Esemplare, 2013-01-30 07:05

view_activity_permission_trunk.patch Magnifier - Patch against trunk r12982 (2.5-stable) (5.32 KB) Michael Esemplare, 2014-03-19 07:27


Related issues

Duplicated by Redmine - Feature #849: Roles and Permissions Closed 2008-03-14

History

#1 Updated by Mark Gallop almost 9 years ago

I also think this is a good idea. I ended up creating a "restricted view" custom field for users so that I could hide many of the things that Redmine shows by default.

José, if you haven't already done it, you could edit lib/redmine.rb and make the following changes to restrict access to the Activity view.

 # Permissions
 Redmine::AccessControl.map do |map|
-  map.permission :view_project, {:projects => [:show, :activity]}, :public => true
+  map.permission :view_project, {:projects => [:show]}, :public => true
   map.permission :search_project, {:search => :index}, :public => true
   map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
+  map.permission :view_activity, {:projects => [:activity]}
   map.permission :select_project_modules, {:projects => :modules}, :require => :member

You would then need to set "View activity" in Administration -> "Roles and permissions" if you wanted a user to see the activity.

Mark

#2 Updated by José Campos almost 9 years ago

Thanks, Mark, I'll try it.

#3 Updated by Ricardo V.C. almost 9 years ago

Hello:

I am also interestedd about this feature, Mark I've tried your solution,I get the checkbox in the role view but no effect after restarting redmine. :(

regards

#4 Updated by Mark Gallop almost 9 years ago

Richardo,

Are you trying out the permissions as a user with "administrator" set? If so, try testing it with a non-admin user who has "View activity" unchecked.

If that doesn't work, let me know and I will have another look at what I changed.

Cheers,
Mark

#5 Updated by Ricardo V.C. almost 9 years ago

Hello Mark:

No, the user I'm trying with has the flag "administrator" off. :(
I can move the rhtml page out but it's very ugly solution.
thx for your help

Regards

#6 Updated by Lane Roathe over 8 years ago

Another ping for this feature in the core.

Mark, I did your quick update and I was able to disable Activity views for roles. Thanks for sharing that!

PS: Seems related to Issue #849.

#7 Updated by Lane Roathe over 8 years ago

Ok, so now the question I have is: how do I prevent access to the

  1. Overview
  2. Roadmap
  3. Issues

tabs?

#8 Updated by Wim DePreter over 4 years ago

What's the status for this issue?
I have a simular request for hiding activity-tab, but I think it should be a user setting (set by administrator), because activity log can also be consulted per user.
We're using Redmine internally for the moment. Now we want to use it also with our customers, but we don't want that our customers consult the activity page, so disabling the activity page only for them (on projects, users, ...) would be really nice.

#9 Updated by Michael Esemplare over 4 years ago

I have attached a patch for redmine 2.2.

Note: Looking at redmine 2.1 the patch should be fine. However looking at redmine 2.0 and 1.x, you might need to remove the :read => true attribute.

I also took a stab at patching the default_data/loader.rb. Didn't test the loader because I don't have a blank install at hand.

Wim De Preter,
This is a role based patch. You will have to update any existing roles to include the "View Activity" permission.

I do not know how your Redmine is set up, but creating groups for your customers eases the permissions process. This way you create a group for your customers, add the customers to the group or groups, and then assign the group to a project with a role. Then anyone in that group has that role and any permission changes will be inherited.

#10 Updated by Mathias K. about 4 years ago

This patch will not disable the "Overall activity" link on the project page. Any hints?

#11 Updated by Michael Esemplare about 4 years ago

Mathias,

That is true, there were other places the activity is accessible that I did not know at the time. One for example is the user's page, it displays information about the user including activity. I have patched internally and will try to come up with a decent patch here.

Another thing outside of this issue that could have access control:

This one site I'm building the customer doesn't want the users to have any access to these.

#12 Updated by Florian Kaiser over 3 years ago

+1

#13 Updated by Gurvan Le Dromaguet over 3 years ago

+1 Implementing patch on my site.

#14 Updated by Y Z over 3 years ago

+1

#15 Updated by Michael Esemplare over 3 years ago

I've added an updated patch that:

The patch is against trunk r12982 (2.5-stable), so you might not be able to run `patch -p0 -i view_activity_permission_trunk.patch` on your redmine install.

All modifications should work with 2.1+, tested with 2.2, 2.4 and 2.5 stable.

As noted previously, if running redmine 2.0 and 1.x, you might need to remove the :read => true attribute in lib/redmine.rb.

#16 Updated by Mark Stroeve over 2 years ago

Michael Esemplare wrote:

I've added an updated patch that:

The patch is against trunk r12982 (2.5-stable), so you might not be able to run `patch -p0 -i view_activity_permission_trunk.patch` on your redmine install.

All modifications should work with 2.1+, tested with 2.2, 2.4 and 2.5 stable.

As noted previously, if running redmine 2.0 and 1.x, you might need to remove the :read => true attribute in lib/redmine.rb.

We use this patch its working great. The only problem is that we have to apply the patch every time gets updated. And the patch doesnt work out of the box with 2.6.1

How would we get this patch (or updated version) to be part of te redmine core?
Its seems to be a nice enhancement.

#17 Updated by Jean-Philippe Lang over 2 years ago

  • Target version set to Candidate for next major release

The problem with the latest patch is that a user who is allowed to view the activity on a single project will be able to see all projects' activity on the cross project activity page. Is it the expected behaviour? I think he should only see the activity of the projects for which he has the view_activity permission.

#18 Updated by Oleg Aksenov over 2 years ago

+1

#19 Updated by Gregory Van der Steen 7 months ago

+1

Applied a modified version of the patch (+loader) on redmine 3.3.x and it's working as aspected. I am glad this issue is targeted for the next major release.

Also available in: Atom PDF