Restriction of user visibility isn't working with internal authentication
|Status:||Needs feedback||Start date:|
I'm using Redmine 3.3.1 (Debian Stretch). I have two authentication methods configured: internal and LDAP. In the Settings I use the following settings:
- User visibility: Members of visible projects
- Member management: All Roles
- Permissions: Manager members
I dicovered that the restriction to view only members of visible projects (in every project's members configruration) only works for users with LDAP authentication. If a user account uses the internal authentication it can view the list of all redmine user accounts.
#1 Updated by Toshi MARUYAMA 9 days ago
- File show-user.png added
- Status changed from New to Needs feedback
I cannot reproduce on vanilla Redmine 3.3.5.
I got 404 on both of internal and ldap.
Philip Heise wrote:
If a user account uses the internal authentication it can view the list of all redmine user accounts.
Which form is the list?