Project

General

Profile

Actions
Copy link

Feature #9029

closed

Disable public project creation on a role basis

Added by Jérôme BATAILLE over 12 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Project settings
Target version:
-
Start date:
2011-08-10
Due date:
% Done:

70%

Estimated time:
Resolution:
Fixed

Description

This feature implies to :
- Add a new role permission "Add public projects"
- Hide / show the public checkbox in the create / edit project page.

Files

Download all files
feature_9029_public_project_creation_role_permission.diff (2.91 KB) feature_9029_public_project_creation_role_permission.diff Jérôme BATAILLE, 2011-08-12 12:34
feature_9029_public_project_creation_role_permission_V1.1.diff (2.9 KB) feature_9029_public_project_creation_role_permission_V1.1.diff Jérôme BATAILLE, 2011-08-16 12:13
feature_9029_public_project_creation_role_permission_V1_.2.diff (2.9 KB) feature_9029_public_project_creation_role_permission_V1_.2.diff Jérôme BATAILLE, 2011-08-16 15:02
public-project-permission-9029.patch (7.66 KB) public-project-permission-9029.patch Kevin Fischer, 2021-02-13 08:13

Related issues

Related to Redmine - Feature #38048: Introduce permission to set a project publicClosedGo MAEDA

Actions
Has duplicate Redmine - Feature #6913: An option to prevent making projects publicClosed2010-11-16

Actions
Actions
Copy link
 #1

Updated by Jérôme BATAILLE over 12 years ago

Our company needs this feature.
We are developing this feature and we will propose a patch very soon.
Hope this feature will please some users :-)

Actions
Copy link
 #2

Updated by Jérôme BATAILLE over 12 years ago

Here is the patch with FR and EN translations.
Not testing included.

Actions
Copy link
 #3

Updated by Jérôme BATAILLE over 12 years ago

  • Assignee changed from Jean-Philippe Lang to Jérôme BATAILLE
Actions
Copy link
 #4

Updated by Jérôme BATAILLE over 12 years ago

  • Assignee changed from Jérôme BATAILLE to Jean-Philippe Lang
  • % Done changed from 0 to 70
Actions
Copy link
 #7

Updated by Jérôme BATAILLE over 12 years ago

The patch works with Redmine V1.2.1

Actions
Copy link
 #8

Updated by Jean-Philippe Lang almost 12 years ago

  • Subject changed from Disable public project creation on a rôle basis to Disable public project creation on a role basis

This patch only hides the checkbox but does not check for permission when submitting the form.

Actions
Copy link
 #9

Updated by Go MAEDA about 7 years ago

  • Has duplicate Feature #6913: An option to prevent making projects public added
Actions
Copy link
 #10

Updated by Kevin Fischer about 3 years ago

Mizuki Ishikawa, Mitsuyoshi Kawabata and me made another patch to solve this issue.

We added a new permission called "Publish Project" which allows (un)publishing a project.
When you don't have that permission we just show the current state of the project as a label.

We could not find a proper CSS class for just displaying a label inside the setting tab, so we just wrote the style directly in the style attribute for now. If anyone has a better suggestion please tell us.

We added unit tests and a migration which will give the "Publish Project" permission to all Roles that had the "Add Project" or "Edit Project" permission until now to preserve the permissions of existing users.

Actions
Copy link
 #11

Updated by Mizuki ISHIKAWA about 3 years ago

When allowing users to manage projects, system administrators need to worry about projects that should be private are not public.
Unintended disclosure of information can lead to major information leaks.

By adding this permission, only some trusted users can publish the project.
It will reassure many system administrators.

Actions
Copy link
 #12

Updated by Go MAEDA about 3 years ago

I am not a big fan of adding new permission in the project setting.

I personally do not think there is much necessity of this feature for the following reasons:

  • As long as admin enables "Login required", the project will never become world-accessible
  • It complicates permission management. Two permissions "Edit project" and "Publish project" are required to change the project's "public" setting
Actions
Copy link
 #13

Updated by Mizuki ISHIKAWA about 3 years ago

Go MAEDA wrote:

I am not a big fan of adding new permission in the project setting.

I personally do not think there is much necessity of this feature for the following reasons:

  • As long as admin enables "Login required", the project will never become world-accessible

I think there may be projects that have information that should not be shown to unauthorized users even if they are logged in (in some cases, employees of other companies are invited to Redmine).
I think we need a feature that restricts the project from being published by general users.

  • It complicates permission management. Two permissions "Edit project" and "Publish project" are required to change the project's "public" setting

How about adding a setting that "allows general users to publish the project" instead of permissions?
If this setting is turned off, only the administrator can publish the project.

Actions
Copy link
 #14

Updated by Go MAEDA over 1 year ago

  • Related to Feature #38048: Introduce permission to set a project public added
Actions
Copy link
 #15

Updated by Go MAEDA over 1 year ago

  • Status changed from New to Closed
  • Assignee deleted (Jean-Philippe Lang)
  • Resolution set to Fixed

The same feature was implemented by #38048.

Actions
Copy link

Also available in: Atom PDF