Feature #17747 (open)
Added by Wim DePreter about 11 years ago. Updated over 4 years ago.
Category: Permissions and roles

Description
  
This is a proposal for changing the visibility of some project (non-)members, by using private roles.
Private roles could be used:

- to give users access to a private project, without being visible as project members
  (e.g. read-only access: users can't be assignees or authors)
- to change permissions of users to a public project, without being visible as project members
  (e.g. give trusted users (non-contributors) the permission to create issue relations on redmine.org)

The visibility of users with a private role is equivalent to the "Non member" role.
This implies certain changes:

- a boolean attribute "private" on roles
- private roles and users with this role are not listed in the project overview
- users with (only) a private role are not listed:
  - in the issue query user combobox (author, assignee, custom user field)
  - in the issue summary (assignee/author list)
- users with (only) a private role are visible (like non-members) if they acted on an issue (as author or when adding a note):
  - in the activity overview
  - in the issue detail
  - in the issue query if grouped by author/assignee

Note that a user can have a private role on a certain project, and a public role (member) on another project.

Optional - permission "view private users"

If a user has the permission "view users with private role", then users with private roles are treated the same as users with public roles.

Some related issues:

- defect #7645 could be resolved by giving read-only users a private role
- #11724

- Related to Defect #7645: Issue summary should filter Assignee & Author lists added

- Related to Feature #11724: Prevent users from seeing other users based on their project membership added

With the implementation of #11724, my requested optional permission "view private users" should be changed into an extra option for Users visibility, which should have 3 options:

- (existing) All active users
- (existing) All members of visible projects
- (new) All non-private members of visible projects

Some use cases:

- Give read-only access for a private project to users without being visible to other users (e.g. for reporting)
- Hide "internal" users (this is our case): we have a private project per customer and:
  - all "internal" users should have access (via a private role) to all customer projects
  - a "customer" user should only see:
    - other users of the same customer (by definition, a customer user only has access to his project)
    - the account manager for that customer ("account manager" is a non-private role)
    - none of the (other, i.e. different from the account manager) "internal" users

I see also a relationship with #6015 and #13533.
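
The visibility rules from the issue description together with the three "Users visibility" options and the customer/internal use case of this note, as an added example in Ruby that is not part of this issue or of the patch attached to it. It is a small stand-alone model: the Role, Membership and Issue structs, the function names and the sample users are assumptions for illustration, not Redmine's own models or API. It shows which users a customer user is offered in a user list under each option, how the optional "view users with private role" permission changes that, and why a user with only a private role is still shown on an issue he authored.

```ruby
# Added example, not the patch's code: a stand-alone model of the visibility
# rules proposed in this issue. Role, Membership, Issue and the function names
# are assumptions for illustration, not Redmine's own models or API.

Role       = Struct.new(:name, :is_private)        # is_private: the boolean role attribute proposed in the description
Membership = Struct.new(:user, :project, :roles)   # one user on one project with one or more roles
Issue      = Struct.new(:project, :author, :assignee)

# The three "Users visibility" options from this note.
VISIBILITY_OPTIONS = %i[
  all_active
  members_of_visible_projects
  non_private_members_of_visible_projects
].freeze

# A membership makes its user a listed member only if at least one of its
# roles is not private; a user with only private roles is treated like a non-member.
def visible_member?(membership)
  membership.roles.any? { |r| !r.is_private }
end

# Projects the viewer can see; in this model, the projects the viewer is a member of.
def visible_projects(viewer, memberships)
  memberships.select { |m| m.user == viewer }.map(&:project).uniq
end

# Is `target` shown to `viewer` in user lists (project overview, author/assignee comboboxes)?
# `can_view_private` stands for the optional "view users with private role" permission.
def can_see_user?(viewer, target, memberships, option:, all_users:, can_view_private: false)
  raise ArgumentError, "unknown option #{option}" unless VISIBILITY_OPTIONS.include?(option)
  return true if viewer == target
  return false unless all_users.include?(target)
  return true if option == :all_active

  projects = visible_projects(viewer, memberships)
  shared = memberships.select { |m| m.user == target && projects.include?(m.project) }
  return shared.any? if option == :members_of_visible_projects || can_view_private

  # :non_private_members_of_visible_projects - memberships with only private roles do not count.
  shared.any? { |m| visible_member?(m) }
end

# Users offered to `viewer` in an author/assignee combobox, in the order of all_users.
def listable_users(viewer, memberships, option:, all_users:, can_view_private: false)
  all_users.select do |u|
    can_see_user?(viewer, u, memberships, option: option, all_users: all_users, can_view_private: can_view_private)
  end
end

# Is the name of `target` shown to `viewer` on the detail page of `issue`? A user with
# only a private role is shown like a non-member once he acted on the issue.
def shown_on_issue?(viewer, target, issue, memberships, option:, all_users:)
  return false unless visible_projects(viewer, memberships).include?(issue.project)
  return true if [issue.author, issue.assignee].include?(target)

  can_see_user?(viewer, target, memberships, option: option, all_users: all_users)
end

# Constructed sample data modelling the "customer / internal users" use case above.
REPORTER        = Role.new("Reporter", false)
ACCOUNT_MANAGER = Role.new("Account manager", false)
INTERNAL        = Role.new("private.Internal", true)   # name follows the patch's prefix convention too

# alice, bob: customer "acme"; carol: account manager; dave: internal user; eve: customer "globex"
USERS = %w[alice bob carol dave eve].freeze
MEMBERSHIPS = [
  Membership.new("alice", "acme",   [REPORTER]),
  Membership.new("bob",   "acme",   [REPORTER]),
  Membership.new("carol", "acme",   [ACCOUNT_MANAGER]),
  Membership.new("dave",  "acme",   [INTERNAL]),
  Membership.new("dave",  "globex", [INTERNAL]),
  Membership.new("eve",   "globex", [REPORTER]),
].freeze

if __FILE__ == $PROGRAM_NAME
  VISIBILITY_OPTIONS.each do |opt|
    puts "#{opt}: alice sees #{listable_users('alice', MEMBERSHIPS, option: opt, all_users: USERS).join(', ')}"
  end
  issue = Issue.new("acme", "dave", "bob")
  shown = shown_on_issue?("alice", "dave", issue, MEMBERSHIPS,
                          option: :non_private_members_of_visible_projects, all_users: USERS)
  puts "dave shown to alice on an issue he authored: #{shown}"
end
```

Under the new option alice (a customer user) is offered alice, bob and carol, but not dave, whose only role on "acme" is private, and not eve, who shares no visible project with her; with the old "members of visible projects" option, or with the "view private users" permission, dave is offered as well. Once dave has authored an issue on "acme", his name is still shown on that issue to alice, which is exactly the non-member-like visibility the description asks for.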
 
   
  
  
    
    
    
    
I've no experience with Ruby, but inspired by (and building on) the modifications for #11724, I've created a patch.
It's very basic (created with trial and error), and maybe there are still some issues with it.

Usage:

- A role is private if its name begins with "private."
  (this should be a new "private" attribute on roles, but I don't want to introduce database changes with a patch)
- Only an administrator can assign a private role to a user/group

Remarks:

- The patch doesn't work for custom user fields (we don't use these, and I couldn't find how to filter the list)
- The role option user visibility = "Members of visible projects" is always considered as "All non-private members of visible projects"
- I've reverted a change from r13584 (users_controller.rb), because if a user with a private role (or non-member?) acts on an issue (or is assigned to an issue), the user detail should be visible
- I didn't find a way to filter the detailed view in the issue summary for assignees or authors, so a 404 page is shown instead (if the current user can't see all members)
- The patch is tested in a single-user environment (Bitnami package); maybe there are some performance issues
 
   
  
  
  
  
    
    
    
    
- Related to Feature #13533: Concept for controlling visibility of users added

Can I apply this patch on Redmine 3.1.1? I also have the Bitnami package. I am getting a reject file project.rb.rej:
--- app/models/project.rb    (revision 14045)
+++ app/models/project.rb    (working copy)
@@ -31,7 +31,10 @@
   has_many :time_entry_activities
   has_many :members,
            lambda { joins(:principal, :roles).
-                    where("#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE}") }
+                    ## begin patch private role
+                    #where("#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE}")}
+                    where("#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE} AND #{Role.table_name}.name NOT LIKE 'private.%'")}
+                    ## end patch private role
   has_many :memberships, :class_name => 'Member'
   has_many :member_principals,
            lambda { joins(:principal).
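Review bot: the `has_many :members` filter in this hunk hard-codes the private-role convention as a raw SQL fragment, `#{Role.table_name}.name NOT LIKE 'private.%'`, so the same magic prefix has to be repeated in every place that filters members, and whether it is case-sensitive depends on the database (LIKE is case-sensitive on PostgreSQL but case-insensitive under MySQL's default collations), which makes the "case-sensitive!" remark in the later comment hold only on some setups. A scope on Role, or the boolean "private" attribute the issue description itself proposes, would keep the rule in one place; the commented-out original `where(...)` line under `## begin patch private role` should also be deleted rather than kept. Note that because the query still joins `:roles` and filters per role row, a member holding both a private and a public role on the project keeps appearing through the public role, which matches the "users with (only) a private role" semantics of the proposal. The .rej file itself means the unchanged context lines of this hunk were not found in the target tree, so the hunk needs re-basing against the lines of app/models/project.rb in the version being patched.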
Not sure why this happened. When I add "private" to the developer role it is not private; it is visible in the project overview when the reporter logs in.
Thanks
Filip
 
   
  
  
    
    
    
    
I've made some changes to my patch for Redmine 3.2.

Usage:

- A role is private if the name of the role begins with "private." (case-sensitive!)
- Only an administrator can assign a private role to a user/group

Extra remarks (see also #17747#note-4):

- The patch has no impact on custom fields of type User, but it is possible in Redmine:
  - to select which users (by role) are listed
  - to select which users (by role) can see the custom field
 
 
   
  
  
    
    
    
    
Wim DePreter wrote:

    - I didn't find a way to filter the detailed view in the issue summary for assignees or authors, so a 404 page is shown instead (if the current user can't see all members)

I've updated my latest patch, so that the detailed issue summary for authors/assignees is possible for every user.
 
   
  
  
    
    
    
    
I've made some small changes:

- private roles are now visible in the project overview for admin users
- undo (most of) my changes to users_controller.rb, because the patch is meant to hide the user info of private roles
  - as a consequence, when user A with (only) a private role acts on an issue, and user B (without permission to view all users) tries to consult the user info of user A, he will get a 403 error message (not authorised)
  - in the old version, all user info of private members was available to all members (this could be a problem with confidentiality)

If someone with more Ruby experience wants to improve this patch, feel free, because:

- I'm not totally happy with my modifications to principal.rb
- all private roles are still listed in the user info
 
   
  
  
    
    
    
    
Update patch for Redmine 4.2 (still very basic, because I have no Ruby experience).