Is there anyway that we can allow user for only one project and deny for the rest of the projects without going over all of the projects and DENY user for the rest?

This is what my boss said

"what happens when I have 30 projects in the hopper and have to add a new user. I have to go through 30 times to make sure the user is “Denied”

I really need to get this done as he wants... I am modifing the DP and make it look like exactly what he wants... I have been working on it over 2 weeks now.

Please if anyone knows how to do this, please let me know.

thank you in advance

Is there anyway that we can allow user for only one project and deny for the rest of the projects without going over all of the projects and DENY user for the rest?

This is what my boss said



I really need to get this done as he wants... I am modifing the DP and make it look like exactly what he wants... I have been working on it over 2 weeks now.

Please if anyone knows how to do this, please let me know.

thank you in advance

1. Create a role with projects deny all
2. for each user you create allocate this role and add a individual permission on the required project object

where and How you do that?

Thank you

where and How you do that?

Thank you

To create a new role go to System Admin >> Roles and you set the permissions associated to the new role.
To create permission on projects to each user, you go to User Admin and click on the small yellow lock in front of the user name.

Everything is describe in detail in the doc site here (http://docs.dotproject.net/index.php/Permissions).

I created a new role named "Deny All"... and set the permission to DENY for all projects.

Projects

Access
Add
Delete
Edit
View

deny

then i went to a user to edit permission for that user... I set the Roles as follows

Deny All
Client

So this user has two roles (Deny All and Client)

Then I gave Access, Add, Delete,Edit and View Permission to this user for only ONE PROJECT.

When I logged as a user using this user's login information, I did not see any project at all NOT EVEN THE ONE I GAVE PERMISSION.

Any idea where I am doing wrong?

Thanks

I''ll continue in this topic since I got about the same problem...

I'll try to explain the best way I can and give you as much information as I can think of:

Here's what I would want my system to be like:

I got 2 users:
userA and userB

they both work on 2 different projects
projectXYZ and projectQWERTY

userA on projectXYZ and userB on projectQWERTY

now what I want is that when they login, they get to see that nice
project link at the top and when they click it they only see the
project they work on...

now here's what I atm managed to setup:

I got 2 users, userA and userB
I got 2 projects, projectXYZ and projectQWERTY
I made the role 'Project Worker' having:
Non admin functions - Allow - All
Projects - Deny - All
Tasks - Deny - Add, Delete, Edit

then they both get this role and I setup their permissions:
for userA I added this one:
Projects :: projectXYZ - Allow - All
and for userB:
Projects :: projectQWERTy - Allow - All

Now with this setup you'd think it would work, at least I did!
but there is no 'Projects' link @ the top of the screen.
Now I can just type in '/index.php?m=projects' and then WOW its there!!


now this is ALMOST what I want (and I think also what the person wanted who started this topic and those who replied having the same problem), but how do i get that freakin link there! I'm not retarded, but the ppl who will be working with dotProject are and they will defenatly NOT like typing in that link over and over again.....


thanks in advance!
btw if it's just the way it is and there is no other way to get this done, please let me know to! then I'll just break into the code and change it myself....

DarkSaiko,

First of all it is not the same problem that you are having...

The solution for your problem is setting up the right permissions for each user.

What you need to do is go to User Management and then find the userA then click on the user name.

Click on Permissions Tab

Module: Projects

Item: projectXYZ

Check the Permissions you want for this project.

Roles should be Project worker.

This should allow the "Project" link to be displayed on the user link menu.

You need to do all this step for the second worker as well..

But What I am trying to do is to minimize this and instead of going over all of the projects to allow and deny... I need to DENY for all at one time for ALL CREAED PROJECTS and allow for only assigned project to the user.

Thank you

I''ll continue in this topic since I got about the same problem...

I'll try to explain the best way I can and give you as much information as I can think of:

Here's what I would want my system to be like:

I got 2 users:
userA and userB

they both work on 2 different projects
projectXYZ and projectQWERTY

userA on projectXYZ and userB on projectQWERTY

now what I want is that when they login, they get to see that nice
project link at the top and when they click it they only see the
project they work on...

now here's what I atm managed to setup:

I got 2 users, userA and userB
I got 2 projects, projectXYZ and projectQWERTY
I made the role 'Project Worker' having:
Non admin functions - Allow - All
Projects - Deny - All
Tasks - Deny - Add, Delete, Edit

then they both get this role and I setup their permissions:
for userA I added this one:
Projects :: projectXYZ - Allow - All
and for userB:
Projects :: projectQWERTy - Allow - All

Now with this setup you'd think it would work, at least I did!
but there is no 'Projects' link @ the top of the screen.
Now I can just type in '/index.php?m=projects' and then WOW its there!!
../..

You should allow Access to projects in the role definition so that the link in the menu bar at the top of the screen is displayed. (or you can select the project index page as default page in System Config... but it is another story!!)

I created a new role named "Deny All"... and set the permission to DENY for all projects.

Projects

Access
Add
Delete
Edit
View

deny

then i went to a user to edit permission for that user... I set the Roles as follows

Deny All
Client

So this user has two roles (Deny All and Client)

Then I gave Access, Add, Delete,Edit and View Permission to this user for only ONE PROJECT.

When I logged as a user using this user's login information, I did not see any project at all NOT EVEN THE ONE I GAVE PERMISSION.

Any idea where I am doing wrong?

Thanks

I must admit that "theoreticaly" it should work ... but I suspect that it is difficult for the permission system to "understand" what you mean at role level ... I suppose that the client role includes projects access/view allow permission whereas the "deny all" role does not allow the same.. and finally the user level permission is set to view a specific project.
Just take the following approach (drop existing predefined roles until you believe that they fit with your requirements ;) ):
1. think about the different types of dP user you have in YOUR organisation : client, project manager, project worker and define which dP tools they need;
2. for each type of user, set a specific role having in mind that (i) the role indicates the most common behaviour (i.e. if a given user should have access to no project except one, the associated role should be project>>view>>deny!), (ii) to have access to a project you need to have view permission on the project company.
3. Then go to User Admin and set Role and Permissions accordingly.

I am sorry but i could not get it worked as we want.

When you add a new user, we do not want them to see any project till after we
give him permission to access, delete, add, view and edit.

So, new users should be marked as "DENY" for all projects... Then we want to give them permission to whichever project we want...

thanks in advance for all replies

I am sorry but i could not get it worked as we want.

When you add a new user, we do not want them to see any project till after we
give him permission to access, delete, add, view and edit.

So, new users should be marked as "DENY" for all projects... Then we want to give them permission to whichever project we want...

thanks in advance for all replies

It is precisely what I have explained above.... create a role with whatever permissions is convenient for you (if I do understand, the role should include projects view/add/edit/delete deny ... but you need also to set permission to companies, forums, tasks, etc... according to your requirements); when creating a new user allocate this role to the new user and use user permission to allow access only to those projects the new user is entitled to see...

I think there is an example here that matches what you are after:

http://docs.dotproject.net/index.php/Permissions_-_Examples_of_Permission_Setups

See if that makes sense / works.

Ok I just created a new role named it "Deny All"

question is where I go to give permissions for this Role?

I did it early morning today but now i could not find that page where you give permissions to a Role...

I have been modifying the DP..... I hope i did not delete it...

Anyone knows the URL for giving permission for the role just created.

As far as I remember page title was "View Role"

thank

System Administration -> User Roles is where roles are administered.

OK i see it now... I do not know why but i could not see that link with Mozilla

I saw it at IE...

Let's see now what will happen... I hope i will get it done.


thanks for all

OK,

I create Deny All role with these permissions


Projects
Access
allow

Projects
Add
Delete
Edit
View
deny

Files
Access
Add
Delete
Edit
View
allow

Companies
Access
Add
Delete
Edit
View
allow

everything works fine but even if I can see the files uploaded on the index page (index_table.php) of files (that has permissions of access and view), I can't see these files under folders_table under Projects page Files tab.


Here is the user permissions

Companies
xxx Company
Access
View
allow

Projects
ProjectName xxxx
Access
Add
Delete
Edit
View

allow

Projects
ProjectName B
Add
Delete
Edit
View

allow

I also tried this by giving all permissions to Files (ALL), still not shown on folders_table.php

Any idea

anyone ?

thanks

Ok, I copied files/index_table.php over to folders_table.php and make necessary changes that we need...

IT WORKS NOW.

thank you guys

I'm checking in the code on this as I've been able to duplicate this behavior in the restrictive permission set given above yet I cannot duplicate it under a more permissive set of permissions (i.e. Allowing Access and View on all Non-Admin Modules).

In the mean time, try setting Tasks to allow Access and View in the role and see if that helps any.

Ok, I copied files/index_table.php over to folders_table.php and make necessary changes that we need...

IT WORKS NOW.

thank you guys

Um.... that may not have been a good solution (depending on your goals) as you've now wiped out the "Folder Explorer" tab view and replaced it with the original view. In a nutshell, you made the "Folder" field under the file details pretty much useless as you wrote over the display file which made use of that field.

Of course, if you (read: powers that be) don't feel a need for the folder view, then it doesn't hurt much of anything ;) .

In the mean time, I'm going though the code in folders_table.php while I try to make sense of what's going wrong (and clean some messy coding in the process). It's lovely fun it is!!! :rolleyes:

I did not only copy the files over to folders_table.php as I said i made the necessary changes as we need.

I do not recommend anyone to do this since we are modifing the DP and make it to suit what we need.

thank you

I did not only copy the files over to folders_table.php as I said i made the necessary changes as we need.

I do not recommend anyone to do this since we are modifying the DP and make it to suit what we need.

thank you

Ah ok.. the way in which you worded it made me think otherwise.

If possible, please note what changes you made that fixed the view issue. I have a bug report (http://www.dotproject.net/mantis/view.php?id=2261) logged in Mantis on this permissions/view issue. Any insight you could give either here in the Forums or in Mantis would be helpful to keep me from having to retrace similar steps.

added this code to the folders_table.php

// SETUP FOR FILE LIST
$q2 = new DBQuery;
$q2->addQuery('f.*'.
', max(f.file_id) as latest_id'
.', count(f.file_version) as file_versions, round(max(f.file_version),2) as file_lastversion');
$q2->addQuery('ff.*');
$q2->addTable('files', 'f');
$q2->addJoin('file_folders','ff','ff.file_folder_id = file_folder');
$q2->addJoin('projects', 'p', 'p.project_id = file_project');
$q2->addJoin('tasks', 't', 't.task_id = file_task');
if (count ($allowedProjects)) {
$q2->addWhere('( ( ' . implode(' AND ', $allowedProjects) . ') OR file_project = 0 )');
}
if (count ($allowedTasks)) {
$q2->addWhere('( ( ' . implode(' AND ', $allowedTasks) . ') OR file_task = 0 )');
}
if ($catsql) {
$q2->addWhere($catsql);
}
if ($company_id) {
$q2->addWhere("project_company = $company_id");
}
if ($project_id) {
$q2->addWhere("file_project = $project_id");
}
if ($task_id) {
$q2->addWhere("file_task = $task_id");
}
$q2->setLimit($xpg_pagesize, $xpg_min);
// Adding an Order by that is different to a group by can cause
// performance issues. It is far better to rearrange the group
// by to get the correct ordering.
$q2->addGroup('project_id');
$q2->addGroup('file_version_id DESC');


$q3 = new DBQuery;
$q3->addQuery('file_id, file_version, file_version_id, file_project, file_name, file_task, task_name, file_description, file_checkout, file_co_reason, u.user_username as file_owner, file_size, file_category, file_type, file_date, cu.user_username as co_user, project_name, project_color_identifier, project_owner, con.contact_first_name, con.contact_last_name, co.contact_first_name as co_contact_first_name, co.contact_last_name as co_contact_last_name ');
$q3->addQuery('ff.*');
$q3->addTable('files');
$q3->addJoin('users', 'u', 'u.user_id = file_owner');
$q3->addJoin('contacts', 'con', 'con.contact_id = u.user_contact');
$q3->addJoin('file_folders','ff','ff.file_folder_id = file_folder');
$q3->addJoin('projects', 'p', 'p.project_id = file_project');
$q3->addJoin('tasks', 't', 't.task_id = file_task');
$q3->leftJoin('users', 'cu', 'cu.user_id = file_checkout');
$q3->leftJoin('contacts', 'co', 'co.contact_id = cu.user_contact');
if (count ($allowedProjects)) {
$q3->addWhere('( ( ' . implode(' AND ', $allowedProjects) . ') OR file_project = 0 )');
}
if (count ($allowedTasks)) {
$q3->addWhere('( ( ' . implode(' AND ', $allowedTasks) . ') OR file_task = 0 )');
}
if ($catsql) {
$q3->addWhere($catsql);
}
if ($company_id) {
$q3->addWhere("project_company = $company_id");
}
if ($project_id) {
$q3->addWhere("file_project = $project_id");
}
if ($task_id) {
$q3->addWhere("file_task = $task_id");
}

$files = array();
$file_versions = array();
if ($canRead) {

$files = $q2->loadList();
$file_versions = $q3->loadHashList('file_id');
}

and change this line

$q2->addGroup('project_id');
$q2->addGroup('file_version_id DESC');

to $q2->addGroup('project_id');
$q2->addGroup('file_date DESC'); so then it orders by DATE....

This is all i remember what changes i made at the moment.... i will post if i remember what else i did.

thank you

Thanks for the code snippets by the way. I wound up going a different direction with the fix, but the mention still helped. I've since resolved the bug report so you may want to check out the report.