Bug (closed)

Anonymous user cannot view tasks

Summary

closed
Jan 18, 2007
100%
May 29, 2007
Jan 18, 2007 / ariadacapo
Aug 5, 2009 / rafael.dalpra
 

Attached files

No files uploaded
 
This task does not have any text yet.
Doubleclick here to add some.

Issue report

Minor
Have not tried
Apache + php 5.1.5
streber 0.078
2007-01-04
-Set-up an anonymous user as described in http://www.streber-pm.org/index.php?go=taskViewAsDocu&tsk=2665
(including modifying customize.inc.php)
-Log-out
-Go to homepage
-Browse projects
-View tasks in a project [whether or not that project was assigned to the anonymous user]
-Click on task
Redirected to login page (but url is still /index.php?go=taskView&tsk=114) Error banner displays:
"Your IP-Address changed. Please relogin.
Error: Operation aborted with an fatal error (invalid task-id). Please help us by reporting a bug"

Note that the part about IP-Address changing is present browsing whichever page, from the computer previously used by the admin.
I don't know.
Reproducibility for me is "always" but I haven't tried on other installations.
My anonymous user has user rights "User can login" and "View anything"

 

7 Comments

pixtur:well probably this helps:

11 years ago

add following line to customize.inc.php:

from customize.inc.php

 confChange('CHECK_IP_ADDRESS', false);




ariadacapo:DIdn't work

11 years ago

(apologies for delay...)

Adding the line suppressed the IP address error, but not the fatal error (invalid task-id).

Don't know what to do here... This is not crucial to me.
If you need more information don't hesitate to ask.

pixtur:Very interessting...

11 years ago

It looks like this is a problem with user rights. Obviously a bug:
  1. The task is been displayed in lists (although it should be hidden)
  2. When directly accessing the task, the access is rejected and the user is sent to home / loginForm.
I have to figure out two points:
  1. Why can the guest see the tasks at all (you should have to publish them)
  2. Why is he sent to loginForm instead of home
You could help be providing following information:
  1. Which user rights does the anonymous use have? Please go to edit user rights and list the checked options.
  2. Which projecs rights in the project does he have? Go the Project View, select the anonymous user in team list and use the edit icon.
thanks for you help

ariadacapo:Some information

11 years ago

1) Anonymous User rights are
-Person can login
-View anything

2) I tried on two projects
  • P1: Anonymous user rights on P1 are role: Guest; job: Guest; Pulish to: open
Anonymous can view project, view list of tasks. List of tasks is incomplete (task folders are not displayed). Get error when click on one task.
  • P2 Anonymous user rights are: none (not part of team).
Anonymous can view project, view list of all tasks (there are no task folders in P2). Get error when click on one task.

You can see the pm at pm.getgnulinux.org, I can get you an admin account if you want, just contact me.

pixtur:View anything?

11 years ago

The first point here is that an anymous user with right see anything sees anything. Even private tasks. It's compareable like an admin account for viewing. Setting this to the anoynmous user is probably not a good idea.

A better solution would be to assign the user to the projects and set the project role to client trusted.

Nethertheless it have to figure out, why viewing tasks is broken.

ariadacapo:it depends

11 years ago

It depends what you try to do. In my case the PM is not for a company, but just to sort ourselves out.
We don't have anything here to keep confidential, and I prefer not to have to assign anonymous user to each project. I wish default to be "fully open".

pixtur:sound reasonable...

11 years ago

Thank you for this hint. This sound perfectly reasonable.

Due to your excellent description, it only took some minutes to figure out and fix the problem. I am not sure, when the next released version will be released, but I hope soon.