
Bug #2329

Mentions visibility

Added by Robert Roth about 5 years ago. Updated almost 2 years ago.

Status: Under Verification
Priority: Major
Assignee:
Category: -
Target version: -
Start date: 12 Sep 2014
Due date:
% Done: 50%
Redmine version: 2.5.1, 3.3
External issue:
Description

Redmine setup:
Project A and B are not public projects, with several common members. Members of only one project can click the links of users involved in both projects, and in their activity they will see the mentions from the issues on the other projects, along with subject, project name and other sensitive info. Mentions on objects belonging to a project which is not visible to the current user should be hidden from activity streams.

fix_wiking_2329.diff - Proposed patch (1.48 KB) Robert Roth, 15 Sep 2014 06:21

Associated revisions

Revision 83 (diff)
Added by Andriy Lesyuk almost 2 years ago

Added #visible? to Journal and Comment (#2329)

History

#1 Updated by Robert Roth about 5 years ago

I had to implement a workaround, so I have found the attached patch to be working. A bit slow, but at least no privacy issues anymore.
If you have a better way, feel free to suggest anything, I would be happy to implement it.

#2 Updated by Andriy Lesyuk about 3 years ago

  • Status changed from New to Open
  • Assignee set to Andriy Lesyuk
  • Priority changed from Normal to Major
  • Target version set to 1.1.0

#3 Updated by Andriy Lesyuk almost 2 years ago

  • Status changed from Open to In Progress
  • Redmine version changed from 2.5.1 to 2.5.1, 3.3

Looks like this applies only to journals (not to issues themselves).

#4 Updated by Andriy Lesyuk almost 2 years ago

  • Status changed from In Progress to Under Verification
  • Target version deleted (1.1.0)
  • % Done changed from 0 to 50

I fixed this issue (I believe) by implementing visible? for Journal and Comment (in r83). If visible? is not implemented for a mentioned object, such mention is always shown. So, implementing proper visible? solves the issue.

However, I’m not sure that all such cases are fixed (I did a search and found only Journal and Comment, but I could have missed something). That’s the reason why I leave this bug open.

P.S. The fix by Robert is more universal, but it’s generally not correct (non-members can have access to the project too). Besides, as it was mentioned, it’s slower (according to Robert – I did not test this).
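
The behaviour discussed in comment #4, as an added example that is not the plugin's or Redmine's code: a mention filter that shows any object lacking `visible?`, a journal before and after it delegates to its issue, and an audit of which object types the filter never checks. All class names, the `viewable_project_ids` field and the sample data are assumptions constructed for illustration.

```ruby
# Stand-in models, constructed for this example (not Redmine or plugin code).
User    = Struct.new(:login, :viewable_project_ids)
Project = Struct.new(:id, :name)
Mention = Struct.new(:mentioned, :mentioning) # mentioned user, object holding the mention

class Issue
  attr_reader :project, :subject
  def initialize(project, subject)
    @project, @subject = project, subject
  end

  def visible?(user)
    user.viewable_project_ids.include?(project.id)
  end
end

# A journal with no visible? of its own, as before the fix.
class LegacyJournal
  attr_reader :issue, :notes
  def initialize(issue, notes)
    @issue, @notes = issue, notes
  end
end

# A journal that delegates visibility to its parent issue.
class Journal < LegacyJournal
  def visible?(user)
    issue.visible?(user)
  end
end

# Fail-open filter: an object without visible? is always shown.
def mentions_shown(mentions, viewer)
  mentions.select do |m|
    !m.mentioning.respond_to?(:visible?) || m.mentioning.visible?(viewer)
  end
end

# Audit: object types that the filter above would never check.
def unchecked_types(mentions)
  mentions.map { |m| m.mentioning.class }.uniq.reject { |c| c.method_defined?(:visible?) }
end

# Constructed data: alice can view projects A and B, bob only A.
ALICE   = User.new("alice", [1, 2])
BOB     = User.new("bob", [1])
ISSUE_B = Issue.new(Project.new(2, "B"), "Confidential subject")
LEGACY  = Mention.new(ALICE, LegacyJournal.new(ISSUE_B, "ping @alice"))
FIXED   = Mention.new(ALICE, Journal.new(ISSUE_B, "ping @alice"))
```

Running `unchecked_types` over every mention in a test database is one way to look for object types other than Journal and Comment that still bypass the check.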
