Defect #4365
closed
Administrator cannot see issues for which he's not project member
0%
Description
When someone reports an issue with the accessibility of an issue to the administrator, giving him a link to the issue, it is impossible for the admin to see the task (and so solve the problem) if he's not member.
The problem is that not being able to access the issue makes it impossible to know the project in which it is and, as such, impossible (or completely impractical) to add himself as member of the project or to indicate to the corresponding managers that there is a problem with this issue.
This defeats a certain level of usability, where the administrator, who should be able to help in all circumstances, cannot even locate the corresponding issue without another exchange with the user to know in which project it is located.
An easy solution would be to grant the administrator access to all issues.
Another (less easy) solution would be to provide at least a page for the admin to see in which project each task is.
Updated by Yannick Warnier over 14 years ago
Reproducing the problem:
- Joe is admin
- Sam is project manager for project A
- Arthur is reporter for project B
- Lynn is reporter for project A
- Lynn reports to Arthur that an issue (123) she's working on is very similar to an issue of project B he's just explained to her
- Arthur tries to access the link to issue 123 provided by Lynn in project A
- Arthur realizes he doesn't have access to 123, so he writes to the Redmine admin because he believes he should have access to this issue (and provides acceptable reasons for that)
- Arthur gives the link to the issue to the admin, but doesn't know to which project it belongs
- Joe (admin) tries to access the link to see in which project it is (to add Arthur as a project member) but the page gives him a "This page doesn't exist"
- Joe has to ask Arthur to ask his source (Lynn) to tell him which project it is located in, in order to fix the problem...
- Everybody is just fed up with that stupid system of permissions ;-)
Updated by Jean-Philippe Lang over 14 years ago
I can't reproduce. Any administrator can access any issue of a non-archived project, even if he's not a project member.
If it doesn't work, please read SubmittingBugs.
I'm just fed up with that kind of stupid bug report ;-)
Updated by Yannick Warnier over 14 years ago
You're right, my mistake, I got confused between 3 different installs. Sorry about that.
Can't change this bug to "Not a bug" status, can you?
The problem is still true for a normal user though, but I'll try to find a correct definition of the problem: the normal user should have a clear message stating he doesn't have access because it's part of project X instead of getting a 404. Any way to change that behaviour?
Updated by Jean-Philippe Lang over 14 years ago
- Status changed from New to Closed
- Resolution set to Invalid
That would be easy to do. But disclosing the name of a private project that the user doesn't belong to is not really an option.