Defect #17158


403 error when trying to view project/issue details

Added by Marcin Skoczylas almost 9 years ago. Updated almost 9 years ago.

Needs feedback
Accounts / authentication
Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected version:



I've had a working instance of Redmine 2.3.0 started on Thin web server (v1.5.1 codename Straight Razor) working for last year: thin start --ssl -e production. Today I wanted to add support to send emails and I configured GMail correctly (via configuration.yml), sending emails works perfectly now... I'm not sure if that broke configuration as I literally added few lines to configuration.yml but...

Now all my users that are not administrators can't access their private projects with 403 error message. If project is public everything works fine, also administrators can access the private projects. List of projects by regular members can be seen in /projects URL, also issues are shown in dashboard, but when member wants to go into the project or issue details the error is thrown (excerpt from production.log):

Started GET "/projects/xxxxx" for 89.x.y.z at 2014-06-11 11:37:50 +0200
Processing by ProjectsController#show as HTML
Parameters: {"id"=>"xxxxx"}
Current user: j.member (id=2)
Rendered common/error.html.erb within layouts/base (0.1ms)
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 20ms (Views: 10.7ms | ActiveRecord: 1.6ms)
What's going on?? What this error means? Where I can start digging, as I do not see any clue in this? I changed member roles to allow for everything, but still they get 403... I'm really desperate as I can't find anything in settings that could cause this. Could you please give me a hint what to do to get this working back?

I've changed logger to debug and I got some more details:

Role Load (0.1ms)  SELECT "roles".* FROM "roles" WHERE "roles"."builtin" = 1 LIMIT 1
Rendered common/error.html.erb within layouts/base (0.1ms)
Is this a bug in Redmine? Why selecting roles creates an error?

I've upgraded Redmine to 2.5.1 but the problem is still there. This seems as a bug as I can't properly configure this via admin Settings. I gave all privileges to members but still they receive 403 error.


project-creation.png (10.9 KB) project-creation.png Marcin Skoczylas, 2014-06-11 17:33

Also available in: Atom PDF