Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums
  • Feature tour
    Feature tour

Content

You are here:
  1. Forums
  2. General discussion

Access rights to "openproject.org"

Added by Marco Borm about 10 years ago

I recently checked the openproject release timeline and found some obscure “Clare Frank” item there:
https://www.openproject.org/projects/openproject/timelines/62
https://www.openproject.org/work_packages/16457

I thought it was the result of a hack. After I unfortunately added the release “xyz” myself without a “access denied”, it seams anyone can add any kind of item into this openproject installation. Big sorry for that!

The access rights setup is IMO something to rethink.
https://www.openproject.org/work_packages/16474

Until that, could someone please delete both items? I am not allowed to delete my own item …

Thanks,
Marco


Replies (1)

RE: Access rights to "openproject.org" - Added by Robin Wagner about 10 years ago

Hello Marco,

thanks for the hint regarding the work packages in the timeline. I deleted both work packages that you referred to.
Currently, registered users have the permission to create work packages in the public projects on openproject.org (but not the permission to delete them).
This way bugs and feature requests can be submitted by the community.
However, as you already noticed this has the unfortunate side effect that also spam can be added which - depending on the type - may be displayed in the timeline.

Your suggestion is valid though. We’ll have a look into possibly limiting the permissions to reduce spam / misleading data.

Best,
Robin

  • (1 - 1/1)
Loading...