Feature #35044

Show notice on project's overview page when the project is public

Added by Go MAEDA 10 days ago. Updated 10 days ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Projects
Target version: -
Resolution:

Description

I suggest that when a project is set to public, the project overview page should show that the project is public and a message that describes its impact. The message shown is the same as the one shown in the project settings page improved in #27009.

Although setting the project public sometimes may be dangerous, you cannot know if the project is public unless you see the project's settings page.

It will be easier to notice if the project is set as public by showing the fact in the Members box. Since the Members box shows users who have access to the project, I think it is consistent to show if the project is visible to non-members or anonymous users.

public-status-in-members-box.png (44.2 KB) Go MAEDA, 2021-04-06 17:59


Related issues

Related to Redmine - Patch #27009: Clarify consequences of disabling the login_required setting Closed

History

#1 Updated by Go MAEDA 10 days ago

The following code is a sample implementation.

diff --git a/app/views/projects/_members_box.html.erb b/app/views/projects/_members_box.html.erb
index e915ab910..72d7fb97b 100644
--- a/app/views/projects/_members_box.html.erb
+++ b/app/views/projects/_members_box.html.erb
@@ -4,5 +4,10 @@
     <% @principals_by_role.keys.sort.each do |role| %>
       <p><span class="label"><%= role %>:</span> <%= @principals_by_role[role].sort.collect{|p| link_to_user p}.join(", ").html_safe %></p>
     <% end %>
+    <% if @project.is_public %>
+      <hr>
+      <p span class="label"><%= l(:field_is_public) %>:</span> <%= l(:general_text_Yes) %>
+      <em class="info"><%= Setting.login_required? ? l(:text_project_is_public_non_member) : l(:text_project_is_public_anonymous) %></em>
+    <% end -%>
   </div>
   <% end %>
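Review bot: The added `<p span class="label">` line is malformed: `span` is written as an attribute of `<p>`, so the closing `</span>` has no matching opening tag and the `<p>` is never closed. It should mirror the role rows above, i.e. `<p><span class="label">...</span> ...</p>`, with the `<em class="info">` text either inside that paragraph or in a paragraph of its own. The new block also ends with `<% end -%>` while the surrounding template uses `<% end %>`; pick one form. Because the notice sits inside the box closed by the trailing `</div>` and `<% end %>`, please confirm that the enclosing condition (not visible in this hunk) does not suppress the box, and the notice with it, for a public project that has no members listed.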

#2 Updated by Go MAEDA 10 days ago

  • Related to Patch #27009: Clarify consequences of disabling the login_required setting added

#3 Updated by Mizuki ISHIKAWA 10 days ago

+1

Private information may be leaked if the settings are mistakenly made public when creating a project.
I think this feature is needed to quickly notice that the project is open to the public.

#4 Updated by Kevin Fischer 10 days ago

+1

On a somewhat related note:
About 1 month ago we also implemented and posted a patch for a new permission for publishing projects in response to #9029. Maybe this could be considered for Redmine 5.0? It would surely help to counter the security concerns regarding public projects...
