Security Flaw
keystrokes
02-06-06, 09:24 PM
Through various permissions set up, my users can still edit the url to gain access to tasks they can not normally see.
I am requesting that for those who really want to know if this is an issue, we run a poll.
Why not navigate in dp to a task within your project. Then edit the task id in the url and see if it takes you to another task outside of the project, i.e. breaking the permissions.
Then post your answers.
If anyone finds an error message to the effect of "you do not have permission to see this task", it would be helpful to know the permissions you used to achieve this.
Kind regards
Lloyd
Sorry, but I can not reproduce what you are talking about.
If I change the URL to another Task, it brings up the permission error.
My Setup:
I'm not using the roles that are shipped with DP202.
Because all of them have the "All-Non-Admin-Modules Allow All".
I have created a new role with absolutely restrictive rights.
You should know that every permission that you have not granted explicitly will be denied by access.
You definitely have somewhere a rule or permission that is wrong (or too wide).
Can you show us your permissions and rules?
gb5256
keystrokes
03-06-06, 12:50 AM
Hi
Each project worker has these settings as their role...
Files Access - allow
    Add
    Edit
    View
Tasks Access - allow
    View
Task Logs Access - allow
    Add
    Edit
    View
Then each project worker has been given specific access to their own project.
i.e. worker 'a' =
Hornsby House (company) access - allow
    View
Hornsby Implementation (project) access - allow
    View
My understanding is that they are only allowed to access tasks and task logs for the company and the project they are allocated to. Why should they be able to access a task from a completely different project?
Regards
Lloyd
caseydk
04-06-06, 02:58 AM
I suspect that it's due to your "Tasks Access - Allow View" permission, but I can't reproduce it locally at the moment.
I am writing a bunch of Role/Permission examples for a dotProject Manual and I'll be putting some of them online this week.
Come on keystrokes remove your vote and say "Thank you thank you thank you gb5256" :)
Pedro A.
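The two explanations above (gb5256's point that anything not explicitly allowed is denied, and caseydk's suspicion that the module-wide "Tasks Access - Allow View" grant is what opens every task id) can be checked against a small model. The following is an added example, not dotProject's own code: the rule format, the Task/Role classes and the sample tasks are assumptions made for the illustration. It shows a deny-by-default check in which a module-wide view grant covers every task regardless of project, while a role carrying only project-scoped grants is stopped when the task id in the URL points outside its project.

```python
"""Constructed model of a deny-by-default role/permission check.

Added illustration for the thread, not dotProject's code: the rule tuples,
the Task/Role classes and the sample data are assumptions for this example.
"""
from dataclasses import dataclass, field


# A rule is (module, item, permission). item is None for a module-wide rule
# such as "Tasks Access - allow View"; otherwise it names one project/company.
@dataclass(frozen=True)
class Task:
    task_id: int
    project: str
    company: str


@dataclass
class Role:
    name: str
    allow: set = field(default_factory=set)


def can_view_task(role: Role, task: Task) -> bool:
    """Deny by default: only an explicit allow rule can grant access."""
    if ("tasks", None, "view") in role.allow:
        # Module-wide grant: it covers every task, whatever project it is in.
        return True
    if ("projects", task.project, "view") in role.allow:
        # Item-scoped grant: only tasks of a project this role may view.
        return True
    return False


def open_task_by_id(role: Role, tasks: dict, task_id: int) -> str:
    """What the user sees after typing a task id into the URL."""
    task = tasks.get(task_id)
    if task is None or not can_view_task(role, task):
        return "you do not have permission to see this task"
    return f"task {task.task_id} ({task.project})"


def overbroad_rules(role: Role) -> set:
    """Audit helper: module-wide allow rules, which bypass any per-project
    scoping the same role also carries."""
    return {r for r in role.allow if r[1] is None}


# Constructed sample data (not real project data).
TASKS = {
    101: Task(101, "Hornsby Implementation", "Hornsby House"),
    202: Task(202, "Other Implementation", "Other Company"),
}

# The role as described in the thread: a module-wide Tasks view grant plus
# company/project-scoped grants for the worker's own project.
WORKER_WIDE = Role("project worker (as posted)", {
    ("tasks", None, "view"),
    ("companies", "Hornsby House", "view"),
    ("projects", "Hornsby Implementation", "view"),
})

# The same worker with the module-wide Tasks grant removed.
WORKER_SCOPED = Role("project worker (scoped)", {
    ("companies", "Hornsby House", "view"),
    ("projects", "Hornsby Implementation", "view"),
})

if __name__ == "__main__":
    for role in (WORKER_WIDE, WORKER_SCOPED):
        print(role.name, "->", open_task_by_id(role, TASKS, 202),
              "| overbroad:", overbroad_rules(role))
```

Running the script opens task 202 (a task in another project) for both roles: the first role gets the task, the second gets the permission error, and overbroad_rules() flags the module-wide Tasks rule as the grant to remove or narrow. The same audit idea applies to any role that mixes module-wide allows with per-item allows: the wide rule wins, because the check only needs one matching allow.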
keystrokes
17-06-06, 05:58 PM
Hi Pedro
Even better, can this thread be deleted.