references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-13 19:20:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/release/15.0' into dev

Browse Source
This commit is contained in:
ulferts
2024-11-12 08:53:08 +01:00
parent 4bc2b9f699 41024a1a78
commit 478aa89ca5
169 changed files with 1135 additions and 762 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/components/_index.sass
+1
View File
@@ -3,6 +3,7 @@
@import "work_packages/activities_tab/journals/index_component"
@import "work_packages/activities_tab/journals/item_component"
@import "work_packages/activities_tab/journals/item_component/details"
@import "work_packages/activities_tab/journals/item_component/add_reactions"
@import "work_packages/activities_tab/journals/item_component/reactions"
@import "shares/modal_body_component"
@import "shares/invite_user_form_component"
app/components/projects/table_component.rb
+14 -4
View File
@@ -151,10 +151,20 @@ module Projects
end
def projects(query)
query
.results
.with_required_storage
.with_latest_activity
scope = query.results
# The two columns associated with the
# * disk storage
# * latest activity
# information are only available to admins.
# For non admins, the performance penalty of fetching the information therefore needs never be paid.
if User.current.admin?
scope = scope
.with_required_storage
.with_latest_activity
end
scope
.includes(:custom_values, :enabled_modules)
.paginate(page: helpers.page_param(params), per_page: helpers.per_page_param(params))
end
app/components/work_packages/activities_tab/index_component.rb
+13 -15
View File
@@ -34,6 +34,7 @@ module WorkPackages
include ApplicationHelper
include OpPrimer::ComponentHelpers
include OpTurbo::Streamable
include WorkPackages::ActivitiesTab::SharedHelpers
def initialize(work_package:, last_server_timestamp:, filter: :all)
super
@@ -48,27 +49,24 @@ module WorkPackages
attr_reader :work_package, :filter, :last_server_timestamp
def wrapper_data_attributes
stimulus_controller = "work-packages--activities-tab--index"
{
test_selector: "op-wp-activity-tab",
controller: "work-packages--activities-tab--index",
controller: stimulus_controller,
"application-target": "dynamic",
"work-packages--activities-tab--index-update-streams-url-value": update_streams_work_package_activities_url(
work_package
),
"work-packages--activities-tab--index-sorting-value": journal_sorting,
"work-packages--activities-tab--index-filter-value": filter,
"work-packages--activities-tab--index-user-id-value": User.current.id,
"work-packages--activities-tab--index-work-package-id-value": work_package.id,
"work-packages--activities-tab--index-polling-interval-in-ms-value": polling_interval,
"work-packages--activities-tab--index-notification-center-path-name-value": notifications_path,
"work-packages--activities-tab--index-last-server-timestamp-value": last_server_timestamp
"#{stimulus_controller}-update-streams-url-value": update_streams_work_package_activities_url(work_package),
"#{stimulus_controller}-sorting-value": journal_sorting,
"#{stimulus_controller}-filter-value": filter,
"#{stimulus_controller}-user-id-value": User.current.id,
"#{stimulus_controller}-work-package-id-value": work_package.id,
"#{stimulus_controller}-polling-interval-in-ms-value": polling_interval,
"#{stimulus_controller}-notification-center-path-name-value": notifications_path,
"#{stimulus_controller}-show-conflict-flash-message-url-value": show_conflict_flash_message_work_packages_path,
"#{stimulus_controller}-last-server-timestamp-value": last_server_timestamp
}
end
def journal_sorting
User.current.preference&.comments_sorting || "desc"
end
def polling_interval
# Polling interval should only be adjustable in test environment
if Rails.env.test?
app/components/work_packages/activities_tab/journals/filter_and_sorting_component.rb
+1 -4
View File
@@ -35,6 +35,7 @@ module WorkPackages
include ApplicationHelper
include OpPrimer::ComponentHelpers
include OpTurbo::Streamable
include WorkPackages::ActivitiesTab::SharedHelpers
def initialize(work_package:, filter: :all)
super
@@ -59,10 +60,6 @@ module WorkPackages
filter == :only_changes
end
def journal_sorting
User.current.preference&.comments_sorting || "desc"
end
def desc_sorting?
journal_sorting == "desc"
end
app/components/work_packages/activities_tab/journals/index_component.rb
+1 -4
View File
@@ -35,6 +35,7 @@ module WorkPackages
include ApplicationHelper
include OpPrimer::ComponentHelpers
include OpTurbo::Streamable
include WorkPackages::ActivitiesTab::SharedHelpers
def initialize(work_package:, filter: :all)
super
@@ -55,10 +56,6 @@ module WorkPackages
"work-package-journal-days"
end
def journal_sorting
User.current.preference&.comments_sorting || "desc"
end
def journal_sorting_desc?
journal_sorting == "desc"
end
app/components/work_packages/activities_tab/journals/item_component.html.erb
+4 -2
View File
@@ -1,6 +1,8 @@
<%=
component_wrapper(data: wrapper_data_attributes, class: "work-packages-activities-tab-journals-item-component") do
flex_layout(data: { test_selector: "op-wp-journal-entry-#{journal.id}" }) do |journal_container|
flex_layout(data: {
test_selector: "op-wp-journal-entry-#{journal.id}"
}) do |journal_container|
if show_comment_container?
journal_container.with_row do
render(border_box_container(
@@ -45,7 +47,7 @@
end
header_end_container.with_column do
render(Primer::Beta::Link.new(
href: "#",
href: activity_url(journal),
scheme: :secondary,
underline: false,
font_size: :small,
app/components/work_packages/activities_tab/journals/item_component.rb
+1 -9
View File
@@ -56,7 +56,7 @@ module WorkPackages
{
controller: "work-packages--activities-tab--item",
"application-target": "dynamic",
"work-packages--activities-tab--item-activity-url-value": activity_url
"work-packages--activities-tab--item-activity-url-value": activity_url(journal)
}
end
@@ -68,14 +68,6 @@ module WorkPackages
journal.noop?
end
def activity_url
"#{project_work_package_url(journal.journable.project, journal.journable)}/activity#{activity_anchor}"
end
def activity_anchor
"#activity-#{journal.sequence_version}"
end
def updated?
return false if journal.initial?
app/components/work_packages/activities_tab/journals/item_component/add_reactions.html.erb
+1 -1
View File
@@ -15,7 +15,7 @@
)
overlay.with_body(pt: 2, test_selector: "emoji-reactions-overlay") do
flex_layout do |add_reactions_container|
flex_layout(flex_wrap: :wrap, classes: "op-add-reactions-overlay") do |add_reactions_container|
EmojiReaction.available_emoji_reactions.each do |emoji, reaction|
add_reactions_container.with_column(mr: 2) do
render(Primer::Beta::Button.new(
app/components/work_packages/activities_tab/journals/item_component/add_reactions.sass
+4
View File
@@ -0,0 +1,4 @@
.op-add-reactions-overlay
row-gap: var(--base-size-4, 4px)
@media screen and (max-width: $breakpoint-sm)
max-width: 200px
app/components/work_packages/activities_tab/journals/item_component/details.html.erb
+5 -1
View File
@@ -4,7 +4,11 @@
my: 0,
border: :left,
classes: "work-packages-activities-tab-journals-item-component-details--journal-details-container",
data: { initial: journal.initial? }
data: {
"journal-with-changeset-updated-at": journal.updated_at.to_i, # used by the stimulus controller to maintain state
"journal-with-changeset-user-id": journal.user_id, # used by the stimulus controller to maintain state
initial: journal.initial? # used by the stimulus controller to render correctly
}
) do |details_container|
case filter
when :only_comments
app/components/work_packages/activities_tab/journals/item_component/details.rb
+1 -5
View File
@@ -187,7 +187,7 @@ module WorkPackages
classes: "work-packages-activities-tab-journals-item-component-details--activity-link-container"
) do
render(Primer::Beta::Link.new(
href: "#",
href: activity_url(journal),
scheme: :secondary,
underline: false,
font_size: :small,
@@ -265,10 +265,6 @@ module WorkPackages
def render_empty_line(details_container)
details_container.with_row(my: 1, font_size: :small, classes: "empty-line")
end
def journal_sorting
User.current.preference&.comments_sorting || "desc"
end
end
end
end
app/components/work_packages/activities_tab/journals/item_component/show.html.erb
+1 -1
View File
@@ -7,7 +7,7 @@
format_text(journal, :notes)
end
end
journal_container.with_row(mt: 3, flex_layout: true) do |reactions_container|
journal_container.with_row(flex_layout: true) do |reactions_container|
reactions_container.with_column do
render(WorkPackages::ActivitiesTab::Journals::ItemComponent::AddReactions.new(journal:, grouped_emoji_reactions:))
end
app/components/work_packages/activities_tab/shared_helpers.rb
+12
View File
@@ -42,6 +42,18 @@ module WorkPackages
user.name
end
end
def journal_sorting
User.current.preference&.comments_sorting || OpenProject::Configuration.default_comment_sort_order
end
def activity_url(journal)
"#{project_work_package_url(journal.journable.project, journal.journable)}/activity#{activity_anchor(journal)}"
end
def activity_anchor(journal)
"#activity-#{journal.sequence_version}"
end
end
end
end
app/components/work_packages/update_conflict_component.rb
+72
View File
@@ -0,0 +1,72 @@
#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2024 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++
module WorkPackages
class UpdateConflictComponent < ApplicationComponent
include OpPrimer::ComponentHelpers
include OpTurbo::Streamable
def initialize(scheme: :warning, button_text: I18n.t("label_meeting_reload"))
super
@scheme = scheme
@button_text = button_text
if %i[warning danger].exclude?(@scheme)
raise ArgumentError, "Invalid scheme: #{@scheme}. Must be :warning or :danger."
end
end
def call
render(
::OpPrimer::FlashComponent.new(
scheme: @scheme,
icon: @scheme == :danger ? :stop : :"alert-fill",
dismiss_scheme: :hide,
unique_key: "work-package-update-conflict",
data: {
"banner-scheme": @scheme.to_s # used for testing
}
)
) do |banner|
banner.with_action_button(
tag: :a,
href: "#",
data: {
turbo: false,
action: "click->flash#reloadPage",
test_selector: "op-work-package-update-conflict-reload-button"
},
size: :medium
) { @button_text }
content
end
end
end
end
app/controllers/work_packages/activities_tab_controller.rb
+1 -1
View File
@@ -220,7 +220,7 @@ class WorkPackages::ActivitiesTabController < ApplicationController
end
def journal_sorting
User.current.preference&.comments_sorting || "desc"
User.current.preference&.comments_sorting || OpenProject::Configuration.default_comment_sort_order
end
def journal_params
app/controllers/work_packages_controller.rb
+16
View File
@@ -32,6 +32,7 @@ class WorkPackagesController < ApplicationController
include Layout
include WorkPackagesControllerHelper
include OpTurbo::DialogStreamHelper
include OpTurbo::ComponentStream
accept_key_auth :index, :show
@@ -40,6 +41,8 @@ class WorkPackagesController < ApplicationController
before_action :load_and_authorize_in_optional_project,
:check_allowed_export,
:protect_from_unauthorized_export, only: %i[index export_dialog]
before_action :authorize, only: :show_conflict_flash_message
authorization_checked! :index, :show, :export_dialog
before_action :load_and_validate_query, only: :index, unless: -> { request.format.html? }
@@ -90,6 +93,19 @@ class WorkPackagesController < ApplicationController
respond_with_dialog WorkPackages::Exports::ModalDialogComponent.new(query: @query, project: @project, title: params[:title])
end
def show_conflict_flash_message
scheme = params[:scheme]&.to_sym || :danger
update_flash_message_via_turbo_stream(
component: WorkPackages::UpdateConflictComponent,
scheme:,
message: I18n.t("notice_locking_conflict_#{scheme}"),
button_text: I18n.t("notice_locking_conflict_action_button")
)
respond_with_turbo_streams
end
protected
def load_and_validate_query_for_export
config/initializers/permissions.rb
+1 -1
View File
@@ -219,7 +219,7 @@ Rails.application.reloader.to_prepare do
{
versions: %i[index show status_by],
journals: %i[index],
work_packages: %i[show index],
work_packages: %i[show index show_conflict_flash_message],
work_packages_api: [:get],
"work_packages/reports": %i[report report_details],
"work_packages/activities_tab": %i[index update_streams update_sorting update_filter],
config/locales/en.yml
+3
View File
@@ -2976,6 +2976,9 @@ en:
notice_locking_conflict: "Information has been updated by at least one other user in the meantime."
notice_locking_conflict_additional_information: "The update(s) came from %{users}."
notice_locking_conflict_reload_page: "Please reload the page, review the changes and reapply your updates."
notice_locking_conflict_warning: "This page has been updated by someone else. To not lose your edits, copy them locally and reload to view the updated version."
notice_locking_conflict_danger: "Could not save your changes because of conflicting modifications. To not lose your edits, copy them locally and reload to view the updated version."
notice_locking_conflict_action_button: "Discard changes and reload"
notice_member_added: Added %{name} to the project.
notice_members_added: Added %{number} users to the project.
notice_member_removed: "Removed %{user} from project."
config/routes.rb
+1
View File
@@ -603,6 +603,7 @@ Rails.application.routes.draw do
as: :work_package_progress
end
get "/export_dialog" => "work_packages#export_dialog", on: :collection, as: "export_dialog"
get :show_conflict_flash_message, on: :collection # we don't need a specific work package for this
get "/split_view/update_counter" => "work_packages/split_view#update_counter",
on: :member
docs/enterprise-guide/enterprise-cloud-guide/gdpr-compliance/README.md
+1 -1
View File
@@ -54,7 +54,7 @@ OpenProject provides means to fully erase both all identifiable information of a
- Data controllers can perform the deletion [through the administration](../../../system-admin-guide/users-permissions/users/).
- Depending on the configuration of your OpenProject instance, individual data subjects may perform the deletion of their own account through the [Delete Account](../../../user-guide/my-account/) page. If this is disabled, the request may be stated to the data controller.
- Depending on the configuration of your OpenProject instance, individual data subjects may perform the deletion of their own account through the [Delete Account](../../../user-guide/account-settings/) page. If this is disabled, the request may be stated to the data controller.
### Data Portability
docs/faq/README.md
+2 -2
View File
@@ -150,8 +150,8 @@ Please find information on the features of OpenProject [here](https://www.openpr
### Is it possible to use multiple languages in OpenProject?
Yes, it is possible to use OpenProject in multiple languages. We support English, German, French and a number of additional languages. Each user can select their own preferred language by signing into OpenProject, clicking on the user avatar on the upper right side and selecting "My account" from the dropdown menu.
You can then select "Settings" from the side menu on the left side and [change the language](../user-guide/my-account/#change-your-language).
Yes, it is possible to use OpenProject in multiple languages. We support English, German, French and a number of additional languages. Each user can select their own preferred language by signing into OpenProject, clicking on the user avatar on the upper right side and selecting "Account settings" from the dropdown menu.
You can then select "Settings" from the side menu on the left side and [change the language](../user-guide/account-settings/#change-your-language).
### Is there an OpenProject app?
docs/getting-started/README.md
+10 -10
View File
@@ -14,17 +14,17 @@ Here you will learn about the **first steps with OpenProject**. If you need more
## Overview
| Topic | Content |
|---------------------------------------------------------|:---------------------------------------------------------------|
| Topic | Content |
| ------------------------------------------------------- | :----------------------------------------------------------- |
| [Introduction to OpenProject](openproject-introduction) | Get an introduction about project management with OpenProject. |
| [Sign in and registration](sign-in-registration) | Find out how you can register and sign in to OpenProject. |
| [Create a project](projects) | How to create and set up a new project. |
| [Invite team members](invite-members) | How to invite new members. |
| [Work packages](work-packages-introduction) | Learn how to create and edit work packages. |
| [Gantt chart](gantt-chart-introduction) | Find out how to create a project plan. |
| [Boards](boards-introduction) | How to work with agile boards. |
| [My account](my-account) | How to configure my account. |
| [My page](my-page) | Find out more about a personal my page dashboard. |
| [Sign in and registration](sign-in-registration) | Find out how you can register and sign in to OpenProject. |
| [Create a project](projects) | How to create and set up a new project. |
| [Invite team members](invite-members) | How to invite new members. |
| [Work packages](work-packages-introduction) | Learn how to create and edit work packages. |
| [Gantt chart](gantt-chart-introduction) | Find out how to create a project plan. |
| [Boards](boards-introduction) | How to work with agile boards. |
| [Account settings](account-settings) | How to configure personal account settings. |
| [My page](my-page) | Find out more about a personal my page dashboard. |
## 6 steps to get started
docs/getting-started/account-settings/README.md
+21
View File
@@ -0,0 +1,21 @@
---
sidebar_navigation:
title: My account
priority: 400
description: Learn how to configure account settings.
keywords: my account, account settings, change language
---
# Account settings
Under **Account settings**, you can change your personal settings, such as the language, edit notifications, or add an avatar. Moreover you can manage access tokens and sessions.
> [!TIP]
> Prior to OpenProject 15.0 *Account settings* were named *My account*.
To open your personal settings in OpenProject, click on your user icon in the top right corner in the header of the application and choose **Account settings**.
![Account settings in OpenProject](openproject_open_account_settings.png)
For more details please take a look at [**Account settings** section of OpenProject user guide](../../user-guide/account-settings).
docs/getting-started/account-settings/openproject_open_account_settings.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 109 KiB

docs/getting-started/my-account/README.md
-18
View File
@@ -1,18 +0,0 @@
---
sidebar_navigation:
title: My account
priority: 400
description: Learn how to configure account settings.
keywords: my account, account settings, change language
---
# My account
Under My account, you can change your personal settings, such as the language, edit notifications, or add an avatar. Moreover you can manage access tokens and sessions.
To open your personal settings in OpenProject, click on your user icon in the top right corner in the header of the application and choose **My account**.
![my account profile information](openproject_open_my_account_page.png)
For more details please take a look at [My account section of OpenProject user guide](../../user-guide/my-account).
docs/getting-started/my-account/openproject_open_my_account_page.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 170 KiB

docs/getting-started/sign-in-registration/README.md
+1 -1
View File
@@ -88,7 +88,7 @@ After the creation of your account you are logged into the system. You will then
![select language](20191202171349241.png)
If you have already logged in before, you can [set your language in your user profile](../../user-guide/my-account/#profile-settings).
If you have already logged in before, you can [set your language in your user profile](../../user-guide/account-settings/#profile-settings).
## Reset your password
docs/glossary/README.md
+11 -3
View File
@@ -139,7 +139,7 @@ A custom query in OpenProject consists of saved [filters](#filters), sort criter
### Dark mode
The dark mode for OpenProject is a personal setting to display the application in a dark [theme](#theme). Other available modes are the regular light mode and the (light) [high contrast mode](#high-contrast-mode). [Read in our documentation how to enable dark mode](../user-guide/my-account/#select-the-dark-mode).
The dark mode for OpenProject is a personal setting to display the application in a dark [theme](#theme). Other available modes are the regular light mode and the (light) [high contrast mode](#high-contrast-mode). [Read in our documentation how to enable dark mode](../user-guide/account-settings/#select-the-dark-mode).
### Dashboard
@@ -201,7 +201,7 @@ A Group in OpenProject is defined as a list of users which can be added as a mem
### High contrast mode
OpenProject offers a high contrast mode to make it easier for visually impaired people to use the software. This mode can be selected in the personal [account settings](../user-guide/my-account/#my-account) and will only affect the individual user's experience.
OpenProject offers a high contrast mode to make it easier for visually impaired people to use the software. This mode can be selected in the personal [account settings](../user-guide/account-settings/) and will only affect the individual user's experience.
### Home page
@@ -279,6 +279,10 @@ OpenProject on-premises is a self-hosted version of OpenProject. As opposed to t
- [Read how to activate the Enterprise on-premises edition](../enterprise-guide/enterprise-on-premises-guide/activate-enterprise-on-premises/)
- [Read how to start a trial for Enterprise on-premises](../enterprise-guide/enterprise-on-premises-guide/enterprise-on-premises-trial/)
### OpenID Connect (OIDC)
OpenID Connect (OIDC) is an authentication protocol built on OAuth 2.0 that enables secure, simple, and standardized user identity verification. OpenProject Enterprise offers user interfaces for OIDC as well as for [SAML](#saml), so that administrators can set Single Sign-On (SSO) options for their users. [Read more about OpenID providers for OpenProject in our system admin guide](../system-admin-guide/authentication/openid-providers/).
## P
### Phase
@@ -374,6 +378,10 @@ In product management, the RICE score indicates the level of prioritization of a
## S
### SAML
SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, typically an identity provider (IdP) and a service provider (SP). OpenProject Enterprise offers user interfaces for SAML as well as for [OpenID Connect](#openid-connect-oidc), so that administrators can set Single Sign-On (SSO) options for their users. [Read more about SAML providers for OpenProject in our system admin guide](../system-admin-guide/authentication/saml/).
### Share work packages
OpenProject offers the possibility to share work packages with external groups or users that are not [members](#member) of the project. This feature is an [Enterprise add-on](#enterprise-add-on). Every user with whom a work package is shared must either already be a user of the instance or be newly created. The latter requires special rights. [Read more about OpenProject's feature to share work packages with project non-members](../user-guide/work-packages/share-work-packages/).
@@ -476,4 +484,4 @@ A list of work packages is considered a view. The containing work packages in an
### WYSIWYG editor
WYSIWYG stands for 'What you see is what you get'. A WYSIWYG editor is a content editing interface that allows users to create and edit content so that it visually resembles the final result. In OpenProject, you can use WYSIWYG editors in [wikis](#wiki), [forums](#forum) and [work package](#work-package) descriptions and comments.
WYSIWYG stands for 'What you see is what you get'. A WYSIWYG editor is a content editing interface that allows users to create and edit content so that it visually resembles the final result. In OpenProject, you can use WYSIWYG editors in [wikis](#wiki), [forums](#forum) and [work package](#work-package) descriptions and comments.
docs/installation-and-operations/misc/custom-openid-connect-providers/README.md
+2 -2
View File
@@ -1,9 +1,9 @@
# Custom OpenID Connect providers
# Custom OpenID Connect providers (Enterprise add-on)
> [!IMPORTANT]
> OpenID Connect providers is an Enterprise add-on. If you do not see the button you will have to activate the Enterprise edition first.
Starting in OpenProject 15.0., you can create custom OpenID Connect providers with the user interface [OpenID Providers Authentication Guide](../../../system-admin-guide/authentication/openid-providers/).
Starting with OpenProject 15.0., you can create custom OpenID Connect providers with the user interface [OpenID Providers Authentication Guide](../../../system-admin-guide/authentication/openid-providers/).
Please use this document for references on all configuration options. Any providers you have created in earlier versions will have been migrated and should be available from the user interface.
docs/release-notes/12/12-0-0/README.md
+1 -1
View File
@@ -21,7 +21,7 @@ The new in-app notifications let you never miss a change in your projects again.
Go to our user guide to find out how to [configure in-app notifications](../../../user-guide/notifications/).
> **Info:** Please note that starting with version 12.0, OpenProject will no longer send individual emails for each notification. You can view your notifications via the new [Notification center](../../../user-guide/notifications/#access-in-app-notifications). You can however still choose to receive daily [email reminders](../../../user-guide/my-account/#email-reminders) at specific times of the day that you can configure.
> **Info:** Please note that starting with version 12.0, OpenProject will no longer send individual emails for each notification. You can view your notifications via the new [Notification center](../../../user-guide/notifications/#access-in-app-notifications). You can however still choose to receive daily [email reminders](../../../user-guide/account-settings/#email-reminders) at specific times of the day that you can configure.
## Notification center
docs/release-notes/12/12-4-0/README.md
+1 -1
View File
@@ -42,7 +42,7 @@ With OpenProject 12.4 users who have OpenProject community edition installed can
![two-factor-authentication](openproject-2-factor-authentication-community-edition.png)
!See [here](../../../user-guide/my-account/#two-factor-authentication) how to setup the 2FA under My account.
!See [here](../../../user-guide/account-settings/#two-factor-authentication) how to setup the 2FA under My account.
## LDAP connection encryption changes
docs/release-notes/13-1-0/README.md
+1 -1
View File
@@ -54,7 +54,7 @@ With OpenProject 13.1, we released [Attribute help texts](../../system-admin-gui
## Accessibility improvements and high contrast mode
We continued to work on improving accessibility of OpenProject according to the WCAG 2.1 AA. You can now select to use a high contrast mode in your [profile settings](../../user-guide/my-account/#select-the-high-contrast-color-mode), which will override the current OpenProject theme and be especially valuable for OpenProject users with visual impairments.
We continued to work on improving accessibility of OpenProject according to the WCAG 2.1 AA. You can now select to use a high contrast mode in your [profile settings](../../user-guide/account-settings/#select-the-high-contrast-color-mode), which will override the current OpenProject theme and be especially valuable for OpenProject users with visual impairments.
![High contrast mode in OpenProject](openproject_my_account_high_contrast_mode.png)
docs/release-notes/14-4-0/README.md
+1 -1
View File
@@ -38,7 +38,7 @@ For more details, see https://community.openproject.org/wp/56861.
### Personal settings: Dark mode
Dark mode for OpenProject is finally here! In the '[My account](../../user-guide/my-account/#profile-settings)' section under 'Settings', there is an **option labeled 'Mode' where users can now select 'Dark (Beta).'** as an alternative to the light mode. When the dark mode is selected, the change applies only to that user, not to the entire instance.
Dark mode for OpenProject is finally here! In the '[My account](../../user-guide/account-settings/#profile-settings)' section under 'Settings', there is an **option labeled 'Mode' where users can now select 'Dark (Beta).'** as an alternative to the light mode. When the dark mode is selected, the change applies only to that user, not to the entire instance.
![News setting for dark mode in OpenProject, displayed in dark mode](openproject-14-4-dark-mode.png)
docs/system-admin-guide/api-and-webhooks/README.md
+1 -1
View File
@@ -15,7 +15,7 @@ Navigate to **Administration → API and webhooks**.
![API settings in OpenProject administration](openproject_system_admin_guide_api.png)
Here, you can manage the **REST web service** to selectively control whether foreign applications may access your OpenProject API endpoints from within the browser. This setting allows users to access the OpenProject API using an API token created from the users "My account" page. You can set the **maximum page size** the API will respond with. It will not be possible to perform API requests that return more values on a single page. You can also enable **write access to read-only attributes**, which will allow administrators to write static read-only attributes during creation, such as *createdAt* and *author*.
Here, you can manage the **REST web service** to selectively control whether foreign applications may access your OpenProject API endpoints from within the browser. This setting allows users to access the OpenProject API using an API token created from the users "Account settings" page. You can set the **maximum page size** the API will respond with. It will not be possible to perform API requests that return more values on a single page. You can also enable **write access to read-only attributes**, which will allow administrators to write static read-only attributes during creation, such as *createdAt* and *author*.
### Documentation
docs/system-admin-guide/authentication/openid-providers/README.md
+5 -2
View File
@@ -5,7 +5,10 @@ sidebar_navigation:
description: OpenID providers for OpenProject.
keywords: OpenID providers
---
# OpenID providers
# OpenID providers (Enterprise add-on)
> [!IMPORTANT]
> OpenID Connect providers is an Enterprise add-on. If you do not see the button you will have to activate the Enterprise edition first.
| Topic | Content |
| ------------------------------------------------------------ | ------------------------------------------------------------ |
@@ -183,7 +186,7 @@ To start creating a custom provider, please follow these steps:
1. Login as OpenProject Administrator
2. Navigate to *Administration* -> *Authentication* and choose -> *OpenID providers*.
- **Click** the green *+ OpenID Connect provider* button
- **Choose** Choose the *Option* **Custom**
- **Choose** the *Option* **Custom**
#### Step 1: Display name
docs/system-admin-guide/authentication/openid-providers/azure-provider-index.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 112 KiB

docs/system-admin-guide/authentication/openid-providers/openproject_system-admin-guide_authentication_openid_provider.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 25 KiB

docs/system-admin-guide/authentication/openid-providers/openproject_system-admin-guide_authentication_openid_provider_new.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 109 KiB

docs/system-admin-guide/authentication/saml/README.md
+220 -322
View File
@@ -5,51 +5,141 @@ sidebar_navigation:
description: How to set up SAML integration for SSO with OpenProject.
keywords: SAML, SSO, single sign-on, authentication
---
# SAML
# SAML (Enterprise add-on)
> [!NOTE]
> This documentation is valid for the OpenProject Enterprise edition only.
> Single sign-on with SAML is an Enterprise add-on. [Click here for more information](https://www.openproject.org/enterprise-edition/) on the OpenProject Enterprise edition.
You can integrate your active directory or other SAML compliant identity provider in your OpenProject Enterprise edition.
You can integrate your active directory or other SAML compliant identity provider in your OpenProject Enterprise edition. To activate and configure SAML providers in OpenProject, navigate to *Administration* -> *Authentication* and choose -> *SAML providers*.
## Enterprise cloud
For the moment in the Enterprise cloud OpenProject DevOps team has to apply the configuration for you. The configuration has to be provided in a support ticket, e.g. as an ENV environment file.
Experience shows that configuring this can be tricky. So it may require some time until the correct configuration is finished with your SAML provider.
If you have the chance to test the SAML configuration on an Enterprise on-premises installation this might speed up the process. But we can make it work either way.
## Enterprise on-premises
## Prerequisites
### Prerequisites
In order to use integrate OpenProject as a service provider (SP) using SAML, your identity providers (idP):
In order to integrate OpenProject as a service provider (SP) using SAML, your identity providers (idP):
- needs to be able to handle SAML 2.0 redirect Single-Sign On (SSO) flows, in some implementations also referred to as WebSSO
- has a known or configurable set of attributes that map to the following required OpenProject attributes. The way these attribute mappings will be defined is described later in this document.
- **login**: A stable attribute used to uniquely identify the user. This will most commonly map to an account ID, samAccountName or email (but please note that emails are often interchangeable, and this might result in logins changing in OpenProject).
- **email**: The email attribute of the user being authenticated
- **first name** and **last name** of the user.
- a **name identifier** (NameID) property that uniquely identifies the user. This could a be an internal uid, or otherwise stable attribute that will never change.
- provides the public certificate or certificate fingerprint (SHA1) in use for communicating with the idP.
### 1: Configure the SAML integration
## User interface to add SAML providers
The configuration can be provided in one of two ways:
Starting with OpenProject 15.0, you can define the SAML integration using an internal administrator account.
* Environment variables (1.1)
- Login as OpenProject Administrator
* Settings in the database (1.2)
- Navigate to *Administration* -> *Authentication* and choose -> *SAML providers*.
* for OpenProject version 11 and older in `config/configuration.yml` file (1.3)
Whatever means are chosen, the plugin simply passes all options to omniauth-saml. See [their configuration documentation](https://github.com/omniauth/omniauth-saml#usage) for further details.
### Step 1: Display name
The options are mutually exclusive. If you decide to save settings in the database, they will override any ENV variables you might have set. (*For OpenProject version 11 and older:* If settings are already provided via ENV variables, they will overwrite settings in a `configuration.yml` file.)
- **Click** the green *+ SAML identity provider* button
- Set a **display name**. This will be shown on the login button for all users. Choose a name that users associate with your SAML login provider (e.g., "SSO")
- Click **Continue**
#### 1.1 Environment variables
### Step 2: Metadata exchange
SAML 2.0 allows the service provider and identity provider to exchange public information/configuration ([Specification of Metadata Interoperability](https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-os.html)). In the second step of the creation form, you can leverage the metadata exchange endpoint of your SAML identity provider to pre-fill most of the configuration.
The second step allows you to provide metadata in two ways:
1. With a metadata URL endpoint. OpenProject will try to connect to that endpoint and download the XML,
2. Providing the metadata XML manually as a text input.
With a metadata option, OpenProject will pre-fill the next sections with all the given information. In case there are any errors in the values provided, they will be marked in red for correction. If you do not have metadata for this provider, choose **I don't have metadata**. Click **Continue**.
### Step 3: Primary configuration
If you have used the metadata exchange, the next form will be pre-filled like in the example below.
![SAML provider primary configuration](./saml-provider-primary-configuration.png)
If some of the required fields (marked with an asterisk) are missing, fill them out with the information from your identity provider. OpenProject assumes you're using the URL of your OpenProject instance as the Service entity ID by default. If your provider expects a different format, this can be an arbitrary string.
Once you verified the configuration with your settings from the identity provider, click on **Continue**.
### Step 4: Signatures and Encryption
Your identity provider may optionally sign and/or encrypt the assertion response. You may for example wish to use Assertion Encryption if TLS is terminated before the OpenProject application server (e.g., on the load balancer level).
To configure assertion encryption, you need to provide a PEM-formatted certificate to send in the request and private key to decrypt the response. If you need more help on creating a certificate, [please see this guide as an example](https://devcenter.heroku.com/articles/ssl-certificate-self).
Request signing means that the service provider (OpenProject in this case) uses the certificate specified to sign the request to the identity provider. They reuse the same `certificate` and `private_key` settings as for assertion encryption. It is recommended to use an RSA key pair, the key must be provided without password.
With request signing enabled, the certificate will be added to the identity provider to validate the signature of the service provider's request.
Fill out the respective fields, or if you do not need these features, simply leave this section empty and click **Continue**.
![Encryption and Signature of Requests and Assertions](./saml-encryption.png)
### Step 5: Attribute Mapping
OpenProject expects a set Use the key `attribute_statements` to provide mappings for attributes returned by the SAML identity provider's response to OpenProject internal attributes. We provide an extensive set of default values that should work for the majority of providers. Also, the metadata endpoint might already specify some attributes that can be used.
If you have a custom attribute that you want to use for e.g., email, you can replace or add this to the list of attributes. The attributes will be assigned in order from top to bottom, and the first attribute that is found in the SAML assertion will be used.
Optionally, you can set a mapping for the internal user ID. By default, we take this information from the `name_id` attribute. In many SAML providers, the NameID is assigned to the email address of the user. However, this attribute might change over time. If you have an internal UID or another attribute that is stable, enter this instead.
If your users start logging in with this provider and see a registration form with missing attributes for their first or last name, email address, or login, then this mapping section is not filled correctly, or your provider is not sending an attribute back to OpenProject.
Save your configuration, or skip if you do not need to make changes, using the **Continue** button.
### Step 6: Requested Attributes
By default, the attributes from the mapping above will be requested with the format `urn:oasis:names:tc:SAML:2.0:attrname-format:basic`.
That means the response should contain attribute names 'mail', etc. as configured above.
Some SAML providers are very specific about the attributes being requested from the service provider. If you have URN or OID attribute identifiers, you can modify the request in this last section of the form.
If your provider sends a default set of attributes, you can probably skip over this section. If your users start logging in with this provider and see a registration form with missing attributes for their first or last name, email address, or login, then you might need to change this configuration.
Complete the registration of the provider using the **Finish setup** button.
### Step 7: Configuration of the identity provider
In order for users to start logging in using the new SSO button that you just added, you need to tell your identity provider some details of the OpenProject provider. Once the provider is saved, you will see details on the right pane of the provider.
In the sidebar, you will see the OpenProject configuration:
1. **Metadata endpoint**: This is the metadata XML exchange endpoint for the OpenProject client. If your provider allows to import metadata from a service provider, you can use this metadata to inform it about the details of OpenProject.
2. **Service entity ID**: This is the entity id of OpenProject, you might need to configure this in your identity provider to allow it to connect
3. **Assertion consumer service URL**: This is the callback or redirect URL used from your SAML identity provider to lead users back to OpenProject when they're authenticated.
Use the copy to clipboard buttons on each of these entries to copy the information and enter it in your identity provider.
![SAML configuration sidebar in OpenProject administration](./saml-show-view.png)
Congratulations, you have now finished the setup of your SAML integration provider in OpenProject.
## SAML configuration as Environment Variables
For some deployment scenarios, it might be desirable to configure a provider through environment variables.
> [!WARNING]
> Only do this if you know what you are doing. This may break your existing SAML authentication providers or cause other issues otherwise.
As with [all the rest of the OpenProject configuration settings](../../../installation-and-operations/configuration/environment/), the SAML configuration can be provided via environment variables.
Example
The provider entries are defined dynamically based on the environment keys. All variables will start with the prefix `OPENPROJECT_SAML_` followed by the provider name.
**Example**
This set of environment keys will set up a provider entry in the UI called **saml**.
```shell
# Name of the provider, leave this at saml unless you use multiple providers
@@ -58,9 +148,6 @@ OPENPROJECT_SAML_SAML_NAME="saml"
# The name that will be display in the login button
OPENPROJECT_SAML_SAML_DISPLAY__NAME="<Name of the login button>"
# The callback within OpenProject that your idP should redirect to
OPENPROJECT_SAML_SAML_ASSERTION__CONSUMER__SERVICE__URL="https://<openproject.host>/auth/saml/callback"
# The SAML issuer string that OpenProject will call your idP with
OPENPROJECT_SAML_SAML_ISSUER="https://<openproject.host>"
@@ -75,12 +162,13 @@ OPENPROJECT_SAML_SAML_IDP__CERT="-----BEGIN CERTIFICATE-----<cert one liner>----
# Otherwise you will get an internal error with this log line "PEM_read_bio_X509: bad base64 decode"
# OPENPROJECT_SAML_SAML_IDP__CERT=$'-----BEGIN CERTIFICATE-----<cert one liner>-----END CERTIFICATE-----'
OPENPROJECT_SAML_SAML_IDP__CERT__FINGERPRINT="da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09"
# Alternatively, provide a fingerprint of the certificate.
#OPENPROJECT_SAML_SAML_IDP__CERT__FINGERPRINT="da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09"
# Replace with your single sign on URL, the exact value depends on your idP implementation
OPENPROJECT_SAML_SAML_IDP__SSO__TARGET__URL="https://<hostname of your idp>/application/saml/<slug>/sso/binding/post/"
OPENPROJECT_SAML_SAML_IDP__SSO__SERVICE__URL="https://<hostname of your idp>/application/saml/<slug>/sso/binding/post/"
# (Optional) Replace with your redirect flow single sign out URL that we should redirect to
OPENPROJECT_SAML_SAML_IDP__SLO__TARGET__URL=""
OPENPROJECT_SAML_SAML_IDP__SLO__SERVICE__URL=""
# Which SAMLAttribute we should look for for the corresponding attributes of OpenProject
# can be a string or URI/URN depending on our idP format
@@ -95,147 +183,15 @@ OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LAST__NAME="[sn]"
Please note that every underscore (`_`) in the original configuration key has to be replaced by a duplicate underscore
(`__`) in the environment variable as the single underscore denotes namespaces. For more information, follow our [guide on environment variables](../../../installation-and-operations/configuration/environment/).
#### 1.2 Settings in database
The SAML settings can also be changed at runtime in the database through the OpenProject settings.
As opposed to other settings there is no user interface for this.
That means it's best to set them using the console.
```shell
# package based installation:
> sudo openproject run console
# docker-based installation:
> docker exec -it openproject bundle exec rails console
# docker-compose-based installation:
> docker-compose run --rm web bundle exec rails console
```
Once on the console you can set the same values as named in the ENV environment file, however they need to be nested within a 'providers' key as follows.
For example:
```ruby
Setting.plugin_openproject_auth_saml = Hash(Setting.plugin_openproject_auth_saml).deep_merge({
"providers" => {
"saml" => {
"name" => "saml",
"display_name" => "My SSO",
"assertion_consumer_service_url" => "https://<YOUR OPENPROJECT HOSTNAME>/auth/saml/callback",
# The SAML issuer string that OpenProject will call your idP with
"issuer" => "https://<YOUR OPENPROJECT HOSTNAME>",
### one liner to generate certificate in ONE line
### awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <yourcert.pem>
"idp_cert" => "-----BEGIN CERTIFICATE-----\nMI................IEr\n-----END CERTIFICATE-----\n",
# Otherwise, the certificate fingerprint must be added
# Either `idp_cert` or `idp_cert_fingerprint` must be present!
"idp_cert_fingerprint" => "E7:91:B2:E1:...",
# Replace with your SAML 2.0 redirect flow single sign on URL
# For example: "https://sso.example.com/saml/singleSignOn"
"idp_sso_target_url" => "<YOUR SSO URL>",
# Replace with your redirect flow single sign out URL
# or comment out
# For example: "https://sso.example.com/saml/proxySingleLogout"
"idp_slo_target_url" => "<YOUR SSO logout URL>",
# Attribute map in SAML
"attribute_statements" => {
# What attribute in SAML maps to email (default: mail)
"email" => ['mail'],
# What attribute in SAML maps to the user login (default: uid)
"login" => ['uid'],
# What attribute in SAML maps to the first name (default: givenName)
"first_name" => ['givenName'],
# What attribute in SAML maps to the last name (default: sn)
"last_name" => ['sn']
}
}
}
})
```
#### 1.3 config/configuration.yml file
> [!IMPORTANT]
> ONLY for OpenProject version 11 and older
In your OpenProject packaged installation, you can modify the `/opt/openproject/config/configuration.yml` file.
Edit the file in your favorite editor
```shell
vim /opt/openproject/config/configuration.yml
```
This will contains the complete OpenProject configuration and can be extended to also contain metadata settings and connection details for your SSO identity provider.
The following is an exemplary file with a set of common settings:
```yaml
default:
# <-- other configuration -->
saml:
# First SAML provider
mysaml1:
# Name of the provider, leave this at saml unless you use multiple providers
name: "saml"
# The name that will be display in the login button
display_name: "My SSO"
# Use the default SAML icon
icon: "auth_provider-saml.png"
# The callback within OpenProject that your idP should redirect to
assertion_consumer_service_url: "https://<YOUR OPENPROJECT HOSTNAME>/auth/saml/callback"
# The SAML issuer string that OpenProject will call your idP with
issuer: "https://<YOUR OPENPROJECT HOSTNAME>"
# IF your SSL certificate on your SSO is not trusted on this machine, you need to add it here in ONE line
### one liner to generate certificate in ONE line
### awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <yourcert.pem>
#idp_cert: "-----BEGIN CERTIFICATE-----\n ..... SSL CERTIFICATE HERE ...-----END CERTIFICATE-----\n"
# Otherwise, the certificate fingerprint must be added
# Either `idp_cert` or `idp_cert_fingerprint` must be present!
idp_cert_fingerprint: "E7:91:B2:E1:..."
# Replace with your SAML 2.0 redirect flow single sign on URL
# For example: "https://sso.example.com/saml/singleSignOn"
idp_sso_target_url: "<YOUR SSO URL>"
# Replace with your redirect flow single sign out URL
# or comment out
# For example: "https://sso.example.com/saml/proxySingleLogout"
idp_slo_target_url: "<YOUR SSO logout URL>"
# Attribute map in SAML
attribute_statements:
# What attribute in SAML maps to email (default: mail)
email: ['mail']
# What attribute in SAML maps to the user login (default: uid)
login: ['uid']
# What attribute in SAML maps to the first name (default: givenName)
first_name: ['givenName']
# What attribute in SAML maps to the last name (default: sn)
last_name: ['sn']
# OPTIONAL: Additional SAML provider(s)
#mysaml2:
# name: "saml2"
# display_name: "Additional SSO"
# (...)
#mysaml3:
# (...)
```
Be sure to choose the correct indentation and base key. The items below the `saml` key should be indented two spaces more than `saml` already is. And `saml` can will need to be placed in the `default` or `production` group so it will already be indented. You will get an YAML parsing error otherwise when trying to start OpenProject.
### 2. Configuration details
### Configuration details
In this section, we detail some of the required and optional configuration options for SAML.
#### 2.1 Mandatory: Response signature verification
#### Mandatory: Response signature verification
SAML responses by identity providers are required to be signed. You can configure this by either specifying the response's certificate fingerprint in `idp_cert_fingerprint` , or by passing the entire PEM-encoded certificate string in `idp_cert` (beware of newlines and formatting the cert, [c.f. the idP certificate options in omniauth-saml](https://github.com/omniauth/omniauth-saml#options))
SAML responses by identity providers are required to be signed. You can configure this by either specifying the response's certificate fingerprint in `OPENPROJECT_SAML_SAML_IDP__CERT__FINGERPRINT` , or by passing the entire PEM-encoded certificate string in `OPENPROJECT_SAML_NAME_IDP__CERT` (beware of newlines and formatting the cert, [c.f. the idP certificate options in omniauth-saml](https://github.com/omniauth/omniauth-saml#options))
#### 2.2 Mandatory: Attribute mapping
#### Mandatory: Attribute mapping
Use the key `attribute_statements` to provide mappings for attributes returned by the SAML identity provider's response to OpenProject internal attributes.
@@ -243,89 +199,22 @@ You may provide attribute names or namespace URIs as follows: `email: ['http://s
The OpenProject username is taken by default from the `email` attribute if no explicit login attribute is present.
**a) Attribute mapping example for database**
```ruby
Setting.plugin_openproject_auth_saml = Hash(Setting.plugin_openproject_auth_saml).deep_merge({
"providers" => {
"saml" => {
# ... other attributes, see above.
# Attribute map in SAML
"attribute_statements" => {
# What attribute in SAML maps to email (default: mail)
"email" => ['mail'],
# another example for combined attributes in an array:
"login" => ['username', 'samAccountName', 'uid'],
# What attribute in SAML maps to the first name (default: givenName)
"first_name" => ['givenName'],
# What attribute in SAML maps to the last name (default: sn)
"last_name" => ['sn']
}
}
}
})
```bash
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_EMAIL="[mail]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LOGIN="[mail]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_FIRST__NAME="[givenName]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LAST__NAME="[sn]"
# You can specify a UID attribute to use. If not present, will take the NAMEID
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_UID="[uid]"
# You can also specify multiple attributes, the first found value will be used. Example:
# OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LOGIN="['mail', 'samAccountName', 'uid']"
```
**b) Attribute mapping example for configuration.yml**
> [!IMPORTANT]
> ONLY for OpenProject version 11 and older
```yaml
default:
# <-- other configuration -->
mysaml1:
# <-- other configuration -->
# Attribute map in SAML
attribute_statements:
# Use the `mail` attribute for
email: ['mail']
# Use the mail address as login
login: ['mail']
# What attribute in SAML maps to the first name (default: givenName)
first_name: ['givenName']
# What attribute in SAML maps to the last name (default: sn)
last_name: ['sn']
```
#### 2.3 Optional: Set the attribute format
By default, the attributes above will be requested with the format `urn:oasis:names:tc:SAML:2.0:attrname-format:basic`.
That means the response should contain attribute names 'mail', etc. as configured above.
If you have URN or OID attribute identifiers, you can modify the request as follows:
> [!IMPORTANT]
> Example is ONLY for OpenProject version 11 and older and needs to be redesigned for ENV configuration
```yaml
default:
# <-- other configuration -->
mysaml1:
# <-- other configuration -->
# Modify the request attribute sent in the request
# These oids are exemplary, but will often be identical,
# please check with your identity provider for the correct oids
request_attributes:
- name: 'urn:oid:0.9.2342.19200300.100.1.3'
friendly_name: 'Mail address'
name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- name: 'urn:oid:2.5.4.42'
friendly_name: 'First name'
name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- name: 'urn:oid:2.5.4.4'
friendly_name: 'Last name'
name_format: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
# Attribute map in SAML
attribute_statements:
email: ['urn:oid:0.9.2342.19200300.100.1.3']
login: ['urn:oid:0.9.2342.19200300.100.1.3']
first_name: ['urn:oid:2.5.4.42']
last_name: ['urn:oid:2.5.4.4']
```
#### 2.4 Optional: Request signature and Assertion Encryption
#### Optional: Request signature and Assertion Encryption
Your identity provider may optionally encrypt the assertion response, however note that with the required use of TLS transport security, in many cases this is not necessary. You may wish to use Assertion Encryption if TLS is terminated before the OpenProject application server (e.g., on the load balancer level).
@@ -334,86 +223,73 @@ To configure assertion encryption, you need to provide the certificate to send i
> [!IMPORTANT]
> Example is ONLY for OpenProject version 11 and older and needs to be redesigned for ENV configuration
```yaml
default:
# <-- other configuration -->
mysaml1:
# <-- other configuration -->
certificate: "-----BEGIN CERTIFICATE-----\n .... certificate contents ....\n-----END CERTIFICATE-----"
private_key: "-----BEGIN PRIVATE KEY-----\n .... private key contents ....\n-----END PRIVATE KEY-----"
```bash
OPENPROJECT_SAML_SAML_CERTIFICATE="-----BEGIN CERTIFICATE-----\n .... certificate contents ....\n-----END CERTIFICATE--""
OPENPROJECT_SAML_SAML_PRIVATE__KEY="-----BEGIN PRIVATE KEY-----\n .... private key contents ....\n-----END PRIVATE KEY-----"
```
Request signing means that the service provider (OpenProject in this case) uses the certificate specified to sign the request to the identity provider. They reuse the same `certificate` and `private_key` settings as for assertion encryption. It is recommended to use an RSA key pair, the key must be provided without password.
Request signing means that the service provider (OpenProject in this case) uses the certificate specified to sign the request to the identity provider. They reuse the same `CERTIFICATE` and `PRIVATE__KEY` settings as for assertion encryption. It is recommended to use an RSA key pair, the key must be provided without password.
To enable request signing, enable the following flag:
For request signing and assertion encryption, these attributes are available
> [!IMPORTANT]
> Example is ONLY for OpenProject version 11 and older and needs to be redesigned for ENV configuration
```yaml
default:
# <-- other configuration -->
mysaml1:
# <-- other configuration -->
certificate: "-----BEGIN CERTIFICATE-----\n .... certificate contents ....\n-----END CERTIFICATE-----"
private_key: "-----BEGIN PRIVATE KEY-----\n .... private key contents ....\n-----END PRIVATE KEY-----"
security:
# Whether SP and idP should sign requests and assertions
authn_requests_signed: true
want_assertions_signed: true
# Whether the idP should encrypt assertions
want_assertions_signed: false
embed_sign: true
signature_method: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
digest_method: 'http://www.w3.org/2001/04/xmlenc#sha256'
```bash
# When true, OpenProject will sign AuthnRequests using the above certificate and private key pair
OPENPROJECT_SAML_SAML_SECURITY_AUTHN__REQUESTS__SIGNED="false"
# When true, OpenProject will require assertions to be signed using a private key matching the provided IDP__CERT
OPENPROJECT_SAML_SAML_SECURITY_WANT_ASSERTIONS_SIGNED="false"
# When true, OpenProject will require assertiations to be encrypted using the public key from CERTIFICATE
OPENPROJECT_SAML_SAML_SECURITY_WANT_ASSERTIONS_ENCRYPTED="false"
# Whether to embed the signature in the request.
OPENPROJECT_SAML_SAML_SECURITY_EMBED__SIGN="true"
# XML definition of signature and digest methods
OPENPROJECT_SAML_SAML_SECURITY_SIGNATURE__METHOD="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
OPENPROJECT_SAML_SAML_SECURITY_DIGEST__METHOD="http://www.w3.org/2000/09/xmldsig#sha1"
```
With request signing enabled, the certificate will be added to the identity provider to validate the signature of the service provider's request.
#### 2.5. Optional: Restrict who can automatically self-register
#### Optional: Restrict who can automatically self-register
You can configure OpenProject to restrict which users can register on the system with the [authentication self-registration setting](../authentication-settings)
By default, users returning from a SAML idP will be automatically created. If you'd like for the SAML integration to respect the configured self-registration option, please use this setting:
```yaml
default:
# <-- other configuration -->
mysaml1:
# <-- other configuration -->
limit_self_registration: true
```bash
OPENPROJECT_SAML_SAML_LIMIT__SELF__REGISTRATION="true"
```
#### 2.6. Optional: Set name_identifier_format
#### Optional: Set name_identifier_format
There are a number of name identifier formats that are relevant, so if you have specific requirements or configuration on the identity provider side, you might need to set the name_identifier_format property.
The default behavior would be to use the email Address like so:
```yaml
default:
# <-- other configuration -->
mysaml1:
# <-- other configuration -->
name_identifier_format: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
```bash
OPENPROJECT_SAML_SAML_NAME__IDENTIFIER__FORMAT="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
```
### 3: Restart the server
### Applying the configuration
Once the configuration is completed, restart your OpenProject server with `service openproject restart`. If you configured SAML through settings, this step can be ignored.
To apply the configuration after changes, you need to run the `db:seed` rake task. In all installations, this command is run automatically when you upgrade or install your application. Use the following commands based on your installation method:
#### XML Metadata exchange
- **Packaged installation**: `sudo openproject run bundle exec rake db:seed`
The configuration will enable the SAML XML metadata endpoint at `https://<your openproject host>/auth/saml/metadata`
- **Docker**: `docker exec -it <container of all-in-one or web> bundle exec rake db:seed`.
### XML Metadata exchange
Once applied, the configuration will enable the SAML XML metadata endpoint at `https://<your openproject host>/auth/saml/metadata`
for service discovery use with your identity provider.
### 4: Log in
### Log in
From there on, you will see a button dedicated to logging in via SAML, e.g named "My SSO" (depending on the name you chose in the configuration), when logging in. Clicking it will redirect to your SSO provider and return with your attribute data to set up the account, or to log in.
![my-sso](my-sso.png)
### 5: Return from the authentication provider
## Troubleshooting
When you return from the authentication provider, you might be shown one of these return paths:
@@ -422,6 +298,22 @@ When you return from the authentication provider, you might be shown one of thes
3. You are being redirected to the account registration modal as user name or email is already taken. In this case, the account you want to authenticate already has an internal OpenProject account. You need to follow the [Troubleshooting](#troubleshooting) guide below to enable taking over that existing account.
4. You are getting an internal or authentication error message. This is often a permission or invalid certificate/fingerprint configuration. Please consult the server logs for any hints OpenProject might log there.
## Direct login
Once created, you can assign this SAML provider to become the direct login provider. Users will be directed to the login page of the provider without seeing a login form in OpenProject. [Read more](../../../installation-and-operations/configuration/#omniauth-direct-login-provider).
In the user interface, you can assign this through [Administration > Authentication > Settings](../authentication-settings/).
Using environment variables, you could also set this in the following way
```bash
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER="saml" # This value should be the 'name' property of your configuration
```
## Instructions for common SAML providers
In the following, we will provide configuration values for common SAML providers. Please note that the exact values might differ depending on your idP's version and configuration. If you have additions to these variables, please use the "Edit this file" functionality in the "Docs feedback" section of this documentation.
@@ -438,11 +330,11 @@ For ADFS, you need add OpenProject as a "relying part trust" entry within the AD
- **Specify Display Name**: Enter "OpenProject" or any arbitrary name for the OpenProject instance you want to identify
- **Configure Certificate**: Skip this step, unless you explicitly want to enable assertion encryption, whose steps are documented for OpenProject above.
- **Configure URL**: Check "Enable support for the SAML 2.0 WebSSO protocol" and enter the URL `https://<Your OpenProject hostname>/auth/saml`
- **Configure URL**: Check "Enable support for the SAML 2.0 WebSSO protocol" and enter the URL `https://<Your OpenProject hostname>/auth/saml-sso`
- **Configure Identifier**: Add the value `https://<Your OpenProject hostname>` as a "Relying party trust identifier". This is also called the issuer and OpenProject will be configured to send this value
- **Choose Access Control Policy**: Select an appropriate access control policy for the OpenProject instance
- **Ready to Add Trust**: Under the tab endpoints, click on "Add SAML" to add a **SAML Assertion Consumer** with Binding `POST` and the Trusted URL set to `https://<Your OpenProject hostname>/auth/saml/callback`
- **Ready to Add Trust**: Under the tab endpoints, click on "Add SAML" to add a **SAML Assertion Consumer** with Binding `POST` and the Trusted URL set to `https://<Your OpenProject hostname>/auth/saml-sso/callback`
- Click next and select "Configure claims issuance policy for this application"
A new wizard will pop up. If you missed this step, you can right click on the new party to select "Edit Claim Issuance Policy". In there, you will need to create attribute mappings from LDAP for OpenProject to access user data such as login, email address, names etc.
@@ -470,24 +362,38 @@ OpenProject needs the certificate or fingerprint of the ADFS to validate the sig
- Right click on the "Token-signing" certificate and click on "View Certificate..."
- Select the action "Copy to File..."
- Click on Next and select "Base-64 encoded X.509 (.CER)" and click Next
- Export the file and move it to the OpenProject instance or open a shell
- Run the command `awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <path to the certificate>`
- Export the file and copy its contents
-
#### Set up OpenProject for ADFS integration
#### Set up OpenProject UI for ADFS integration
In OpenProject, these are the variables you will need to set. Please refer to the above documentation for the different ways you can configure these variables OpenProject
In OpenProject, these are the variables you will need to set. Please refer to the above documentation for the different ways you can configure these variables OpenProject.
| UI attribute | Value |
| --------------------------------- | ------------------------------------------------------ |
| Display name | for example, `SSO` (name is arbitrary) |
| Attribute Mapping for: Email | mail |
| Attribute Mapping for: Login | uid<br />mail |
| Attribute Mapping for: Last name | sn |
| Attribute Mapping for: First name | givenName |
| Identity provider login endpoint | `https://<Your ADFS hostname>/adfs/ls` |
| Identity provider logout endpoint | `https://<Your ADFS hostname>/adfs/ls/?wa=wsignout1.0` |
| Certificate | the |
**Alternative: Setting up through environment variables**
You will need to format the certificate so that it works in environment variables: `awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <path to the certificate>` . These are the attributes
```shell
OPENPROJECT_SAML_SAML_NAME="saml"
OPENPROJECT_SAML_SAML_NAME="saml-sso"
OPENPROJECT_SAML_SAML_DISPLAY__NAME="ADFS SSO" # This is the text shown to users in OpenProject, freely change this value
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_EMAIL="[mail]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LOGIN="[uid, mail]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_FIRST__NAME="[givenName]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LAST__NAME="[sn]"
OPENPROJECT_SAML_SAML_ASSERTION__CONSUMER__SERVICE__URL="https://<Your OpenProject hostname>/auth/saml/callback"
OPENPROJECT_SAML_SAML_SSO__TARGET__URL="https://<Your ADFS hostname>/adfs/ls"
OPENPROJECT_SAML_SAML_SLO__TARGET__URL="https://<Your ADFS hostname>/adfs/ls/?wa=wsignout1.0"
OPENPROJECT_SAML_SAML_ISSUER="https://<Your OpenProject hostname>"
OPENPROJECT_SAML_SAML_IDP__CERT="<The output of the awk command above>"
```
@@ -500,16 +406,16 @@ In Keycloak, use the following steps to set up a SAML integration OpenProject:
- **Add client**: Enter the following details
- **Client ID**: `https://<Your OpenProject hostname>`
- **Client protocol**: Set to "saml"
- **Client SAML Endpoint**: `https://<Your OpenProject hostname>/auth/saml`
- **Client SAML Endpoint**: `https://<Your OpenProject hostname>/auth/saml-keycloak`
You will be forwarded to the settings tab of the new client. Change these settings:
- Enable **Sign Documents**
- **Master SAML Processing URL**: Set to `https://<Your OpenProject hostname>/auth/saml`
- **Master SAML Processing URL**: Set to `https://<Your OpenProject hostname>/auth/saml-keycloak`
- **Name ID Format** Set to username
- Expand section "Fine Grain SAML Endpoint Configuration"
- **Assertion Consumer Service POST Binding URL**: Set to `https://<Your OpenProject hostname>/auth/saml/callback`
- **Assertion Consumer Service Redirect Binding URL**: Set to `https://<Your OpenProject hostname>/auth/saml/callback`
- **Assertion Consumer Service POST Binding URL**: Set to `https://<Your OpenProject hostname>/auth/saml-keycloak/callback`
- **Assertion Consumer Service Redirect Binding URL**: Set to `https://<Your OpenProject hostname>/auth/saml-keycloak/callback`
Go the "Mappers" tab and create the following mappers. Note that the "User attribute" values might differ depending on your LDAP or Keycloak configuration.
@@ -520,32 +426,32 @@ Go the "Mappers" tab and create the following mappers. Note that the "User attri
| User Attribute | firstName | givenName | givenName | Basic |
| User Attribute | email | mail | mail | Basic |
#### Export the Keycloak public certificate
To view the certificate in Base64 encoding, go to the menu "Realm settings" and click on "Endpoints -> SAML 2.0 Identity Provider Metadata". This will open an XML file, and the certificate is stored in the `ds:X509Certificate` node under the signing key. Copy the content of the certificate (`MII.....`)
#### Set up OpenProject for Keycloak integration
In OpenProject, these are the variables you will need to set. Please refer to the above documentation for the different ways you can configure these variables OpenProject
In OpenProject, you can use the Metadata exchange from Keycloak to import the values. In the keycloak realm, you will find the metadata endpoint for SAML at the bottom of the page under "Realm settings -> Endpoints".
Go to Administration -> Authentication -> SAML providers and create a new provider with the name "Keycloak". Then, use the metadata URL to fill out the parameters. Logging in should immediately work afterwards.
**Alternative: Setting up through environment variables**
You will need to format the certificate so that it works in environment variables. To view the certificate in Base64 encoding, go to the menu "Realm settings" and click on "Endpoints -> SAML 2.0 Identity Provider Metadata". This will open an XML file, and the certificate is stored in the `ds:X509Certificate` node under the signing key. Copy the content of the certificate (`MII.....`)`awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <path to the certificate>` . These are the attributes
```shell
OPENPROJECT_SAML_SAML_NAME="saml"
OPENPROJECT_SAML_SAML_DISPLAY__NAME="Keycloak SSO" # This is the text shown to users in OpenProject, freely change this value
OPENPROJECT_SAML_SAML_NAME="saml-keycloak"
OPENPROJECT_SAML_SAML_DISPLAY__NAME="Keycloak" # This is the text shown to users in OpenProject, freely change this value
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_EMAIL="[mail]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LOGIN="[uid, mail]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_FIRST__NAME="[givenName]"
OPENPROJECT_SAML_SAML_ATTRIBUTE__STATEMENTS_LAST__NAME="[sn]"
OPENPROJECT_SAML_SAML_ASSERTION__CONSUMER__SERVICE__URL="https://<Your OpenProject hostname>/auth/saml/callback"
OPENPROJECT_SAML_SAML_SSO__TARGET__URL="https://<Your Keycloak hostname>/realms/<Keycloak REALM>/protocol/saml"
OPENPROJECT_SAML_SAML_SLO__TARGET__URL="https://<Your Keycloak hostname>/realms/<Keycloak RELAM>/protocol/saml"
OPENPROJECT_SAML_SAML_ISSUER="https://<Your OpenProject hostname>"
OPENPROJECT_SAML_SAML_IDP__SSO__SERVICE__URL="https://<Your Keycloak hostname>/realms/<Keycloak RELAM>/protocol/saml"
OPENPROJECT_SAML_SAML_IDP__CERT="<The certificate base64 copied from the metadata XML>"
```
If you're unsure what the realm value is, go to the menu "Realm settings" and click on "Endpoints -> SAML 2.0 Identity Provider Metadata". This will include URLs for the `SingleSignOnService` and `SingleLogoutService`.
## Troubleshooting
## FAQ
**Q: After clicking on a provider badge, I am redirected to a signup form that says a user already exists with that login.**
@@ -562,17 +468,9 @@ sudo openproject run console
Then, existing users should be able to log in using their SAML identity. Note that this works only if the user is using password-based authentication, and is not linked to any other authentication source (e.g. LDAP) or OpenID provider.
Note that this setting is set to true by default for new installations already.
Note that this setting is set to true by default for new installations already. If you're on the Hosted Enterprise Cloud, reach out to our Customer Support to see if this is flag is enabled already.
**Q: Could the users be automatically logged in to OpenProject if they are already authenticated at the SAML Identity Provider?**
A: You are able to chose a default direct-login-provider in the by using environment variables
```yaml
OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER="saml"
```
[Read more](../../../installation-and-operations/configuration/#omniauth-direct-login-provider)
**Q:** `"certificate"` **and** `"private key"` **are used in the SAML configuration and openproject logs show a FATAL error after GET "/auth/saml"** `**FATAL** -- : OpenSSL::PKey::RSAError (Neither PUB key nor PRIV key: nested asn1 error):`
docs/system-admin-guide/authentication/saml/saml-encryption.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 126 KiB

docs/system-admin-guide/authentication/saml/saml-provider-primary-configuration.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 144 KiB

docs/system-admin-guide/authentication/saml/saml-show-view.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 142 KiB

docs/system-admin-guide/authentication/two-factor-authentication/README.md
+1 -1
View File
@@ -13,7 +13,7 @@ To activate and **configure two-factor authentication** for OpenProject, navigat
From the GUI you are able to configure the following options:
1. **Enforce 2FA** (two-factor authentication) for every user. All users will be forced to [register a 2FA device](../../../user-guide/my-account/#two-factor-authentication) on their next login.
1. **Enforce 2FA** (two-factor authentication) for every user. All users will be forced to [register a 2FA device](../../../user-guide/account-settings/#two-factor-authentication) on their next login.
2. **Remember 2FA login** for a given number of days, e.g. 30 days.
3. Press the **Apply** button to save your changes.
docs/system-admin-guide/custom-fields/README.md
+2 -2
View File
@@ -64,8 +64,8 @@ You can [assign a custom field to a work package type](../manage-work-packages/w
You can activate the custom field for specific projects under the respective [project settings](../../user-guide/projects/project-settings/custom-fields/).
>[!TIP]
>This is not relevant if the setting **For all projects** has been configured for the custom field.
> [!TIP]
> This is not relevant if the setting **For all projects** has been configured for the custom field.
You can active a custom field for multiple projects at once by opening the custom field in question and selecting the *Projects* tab. Click the **Add projects** button.
![Add a custom field to multiple projects at once in OpenProject administration](openproject_system_guide_new_custom_field_add_to_projects.png)
docs/system-admin-guide/custom-fields/custom-fields-projects/README.md
+3 -5
View File
@@ -9,8 +9,6 @@ keywords: custom fields for projects, show custom fields
As a user of [OpenProject Enterprise on-premises](https://www.openproject.org/enterprise-edition/) or [OpenProject Enterprise cloud](https://www.openproject.org/enterprise-edition/#hosting-options) you can customize work package lists and show additional project information by adding custom attributes to project lists, e.g. adding accountable, project due date, progress, and more.
>[!IMPORTANT]
>
>Starting with version 14.0, project custom fields are called "project attributes". Please refer to our [user guide on project attributes](../../../user-guide/project-overview) for more information.
>
>If you are an administrator and wish to configure project attributes, please refer to our [admin guide on project attributes](../../projects/project-attributes).
> [!IMPORTANT]
> Starting with version 14.0, project custom fields are called "project attributes". Please refer to our [user guide on project attributes](../../../user-guide/project-overview) for more information.
> If you are an administrator and wish to configure project attributes, please refer to our [admin guide on project attributes](../../projects/project-attributes).
docs/system-admin-guide/design/openproject_system_guide_design_advanced_settings_primer.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 90 KiB

docs/system-admin-guide/design/openproject_system_guide_design_color_theme_pick.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 23 KiB

docs/system-admin-guide/emails-and-notifications/README.md
+1 -1
View File
@@ -58,4 +58,4 @@ To configure **Incoming emails** in OpenProject, navigate to **Administration
**To set up incoming email**, please visit our [Operations guide](../../installation-and-operations/configuration/incoming-emails).
**To configure individual email reminders**, please visit our [User guide](../../user-guide/my-account/#email-reminders).
**To configure individual email reminders**, please visit our [User guide](../../user-guide/account-settings/#email-reminders).
docs/system-admin-guide/integrations/excel-synchronization/README.md
+1 -1
View File
@@ -88,7 +88,7 @@ terms instead, defined in the [relations model](https://github.com/opf/openproje
![Choose-project-900x479@2x](Choose-project-900x479@2x.png)
**URL**: the URL of your OpenProject instance.
**API-Token**: can be generated within your OpenProject installation ->*My Account* -> *Access token*. Generate a new API token and copy & paste it to this form.
**API-Token**: can be generated within your OpenProject installation ->*Account settings* -> *Access token*. Generate a new API token and copy & paste it to this form.
**Project**: this is the project identifier which can be found within the project you want to synchronize -> *Project settings* -> *Information*. It is also shown in the URL if you open a project.
Query ID (this field is optional): enter the ID of a work package query within a project with that you want to synchronize your Excel list.
docs/system-admin-guide/integrations/github-integration/README.md
+8 -7
View File
@@ -96,17 +96,18 @@ The role needs two permissions and should only receive those two: "View work pac
![GitHub user added as member to project with respective role](github-project-member.png)
Once the user is created you need to generate an OpenProject API token for it
to use later on the GitHub side of things. For this you have to:
Once the user is created you need to generate an OpenProject API token for this user (you will need it on the GitHub side). For this you have to:
1. Login as the newly created user
2. Go to My Account (click on Avatar in top right corner)
3. Go to Access Token
4. Click on generate in the API row
2. Go to [Account settings](../../../user-guide/account-settings/) (click on the Avatar in the top right corner and select *Account settings*)
3. Go to [*Access Tokens*](../../../user-guide/account-settings/#access-tokens)
4. Click on **+ API token**
Copy the generated key. You can then configure the necessary webhook in GitHub.
> Make sure you copy the generated key and securely save it, as you will not be able to retrieve it later.
In addition, in *Project settings* and *Modules* you will need to activate the GitHub module so that all information pulling through from GitHub will be shown in the work packages.
You can then configure the necessary webhook in GitHub.
Finally you will need to activate the GitHub module under [Project settings](../../../user-guide/projects/project-settings/modules/) so that all information pulling through from GitHub will be shown in the work packages.
![GitHub-module](Github-module-2647262.png)
docs/system-admin-guide/integrations/gitlab-integration/README.md
+2 -2
View File
@@ -47,8 +47,8 @@ This user will then have to be **added to each project** with a role that allows
Once the user is created you need to generate an OpenProject API token for this user (you will need it on the GitLab side). For this you have to:
1. Login as the newly created user
2. Go to [My Account](../../../user-guide/my-account/) (click on the Avatar in the top right corner and select *My account*)
3. Go to [*Access Tokens*](../../../user-guide/my-account/#access-tokens)
2. Go to [Account settings](../../../user-guide/account-settings/) (click on the Avatar in the top right corner and select *Account settings*)
3. Go to [*Access Tokens*](../../../user-guide/account-settings/#access-tokens)
4. Click on **+ API token**
> Make sure you copy the generated key and securely save it, as you will not be able to retrieve it later.
docs/system-admin-guide/integrations/nextcloud/README.md
+2 -4
View File
@@ -312,10 +312,8 @@ If you face an error while trying to delete or disable user/group "OpenProject"
2. Remove user `OpenProject`
3. Remove group `OpenProject`
4. Inside the _Group folders_ App (*Administration settings → Administration → Group folders*), remove group folder `OpenProject`.
[!WARNING]
This step will delete all files in that folder. Make sure to make a copy if you want to keep these files!**
> [!WARNING]
> This step will delete all files in that folder. Make sure to make a copy if you want to keep these files!**
5. Enable the _OpenProject Integration_ App
### Setting up Nextcloud in OpenProject
docs/system-admin-guide/manage-work-packages/work-package-settings/openproject_system_guide_work_package_settings_warning.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 42 KiB

docs/system-admin-guide/manage-work-packages/work-package-status/README.md
-2
View File
@@ -32,9 +32,7 @@ A new window will open, where you will be able to specify the following:
2. The %&nbsp;Complete value in [Status-based progress calculation mode](../work-package-settings/).
> [!TIP]
>
> The value for % Complete can be set from 0 to 100.
>
3. Define if the new work package status closes a work package (e.g. relevant when filtering for closed for packages), e.g. a work package status "rejected" will set a work package technically on closed and it will not appear in the default work package table with Open Work packages.
docs/system-admin-guide/projects/project-attributes/README.md
+10 -13
View File
@@ -47,8 +47,8 @@ This will display the "New attribute" form with these options:
- **Format**: You can pick from nine different types of fields: text, long text, integer, float, list, date, boolean, user and version.
> [!TIP]
> You cannot change this once the project attribute is created.
> [!TIP]
> You cannot change this once the project attribute is created.
- **Format options:** Depending on the type you choose, you might have additional options, such as minimum and maximum width, default value or regular expressions for validation.
@@ -56,8 +56,8 @@ This will display the "New attribute" form with these options:
- **Admin-only**: If you enable this, the project attribute will only be visible to administrators. All other users will not see it, even if it is activated in a project.
> [!TIP]
> This is enabled by default. Only disable this if you want this field to be invisible to non-admin users.
> [!TIP]
> This is enabled by default. Only disable this if you want this field to be invisible to non-admin users.
- **Searchable**: Checking this makes this project attribute (and its value) available as a filter in project lists.
@@ -69,14 +69,13 @@ You can edit existing attributes under **Administration settings** → **Project
Click on the More icon to the right of each project attribute to edit, re-order or delete a project attribute.
>[!CAUTION]
>Deleting a project attribute will delete it and the corresponding values for it from all projects.
> [!CAUTION]
> Deleting a project attribute will delete it and the corresponding values for it from all projects.
You can also use the drag handles to the left of each project attribute to drag and drop it to a new position.
>[!NOTE]
>
>Project admins can chose to enable or disable a project attribute from their project, but they cannot change the order. The order set in this page is the order in which they will appear in all projects.
> [!NOTE]
> Project admins can chose to enable or disable a project attribute from their project, but they cannot change the order. The order set in this page is the order in which they will appear in all projects.
@@ -111,13 +110,11 @@ You can group project attributes into sections to better organize them.
You can click on more icon to the right of each section to rename it, delete it or change its order.
> [!TIP]
>
> A section can only be deleted if no project attributes were assigned to it.
You can drag any existing project attribute into a section to move it there. You may also drag and drop entire sections up and down to re-order them.
>[!TIP]
>
>If a project attribute belongs to a section, it will be displayed within that section in _all_ projects.
> [!TIP]
> If a project attribute belongs to a section, it will be displayed within that section in _all_ projects.
![Edit project attribute sections in OpenProject administration](open_project_system_admin_guide_project_attributes_section_more_icon_menu.png)
docs/system-admin-guide/system-settings/languages/README.md
+1 -1
View File
@@ -16,4 +16,4 @@ At the moment there are over 30 languages available.
> [!NOTE]
> Many languages are translated by the community. We highly appreciate if you want to [help translating OpenProject to your language](../../../development/translate-openproject).
You can [choose your language in your user profile](../../../user-guide/my-account/#change-your-language).
You can [choose your language in your user profile](../../../user-guide/account-settings/#change-your-language).
docs/system-admin-guide/users-permissions/roles-permissions/README.md
+6 -6
View File
@@ -64,8 +64,8 @@ A user can have one or more roles which grant permissions on different levels.
**A project role** is a set of **permissions** that can be assigned to any project member. Multiple roles can be assigned to the same project member.<br>
>[!NOTE]
>If a module is not enabled in a project it is not shown to a user despite having a permission for it.
> [!NOTE]
> If a module is not enabled in a project it is not shown to a user despite having a permission for it.
| Scope of the role | Permission examples | Customization options |
| ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ |
@@ -75,8 +75,8 @@ A user can have one or more roles which grant permissions on different levels.
**Non member** is the default role of users of your OpenProject instance who have not been added to a project. This only applies if the project has been set as [public](../../../user-guide/projects/#set-a-project-to-public) in the project settings.<br>
>[!NOTE]
The *Non-member* role cannot be deleted.
> [!NOTE]
> The *Non-member* role cannot be deleted.
| Scope of the role | Permission examples | Customization options |
| ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------------ |
@@ -86,7 +86,7 @@ The *Non-member* role cannot be deleted.
OpenProject allows to share project information with **anonymous** users which are not logged in. This is helpful to communicate projects goals and activities with a public community.<br>
>[!NOTE]
> [!NOTE]
> This only applies if you disabled the need for authentication for your instance and if the project is set as **public**. The *Anonymous* role cannot be deleted.
| Scope of the role | Permission examples | Customization options |
@@ -97,7 +97,7 @@ OpenProject allows to share project information with **anonymous** users which a
**Standard** is the default role of users of your OpenProject instance. It is configured by administrators on the instance level. <br>
>[!NOTE]
> [!NOTE]
> The *Standard* role cannot be deleted and it is applied to every user on the instance. Users cannot be assigned to, or unassigned from this role.
| Scope of the role | Permission examples | Customization options |
docs/system-admin-guide/users-permissions/settings/README.md
+2 -2
View File
@@ -33,7 +33,7 @@ The default language is displayed for users when they first sign into OpenProjec
You can also choose if success notifications (e.g. on the work package page) should be hidden automatically.
These settings can be changed by users in their **My Account** page later on.
These settings can be changed by users in their **Account settings** page later on.
## Display format
@@ -49,7 +49,7 @@ In the **User deletion** section you can determine who should be able to delete
By default, only admins are able to delete accounts. If this option is activated, admins can navigate to the user list, select a user account and click on the **Delete** option on the upper right side to delete an account.
Additionally, you can select the option **Users allowed to delete their accounts**. If this option is activated, users can delete their own user accounts from the **My account** page.
Additionally, you can select the option **Users allowed to delete their accounts**. If this option is activated, users can delete their own user accounts from the **Account settings** page.
If you want to prevent users from deleting their own accounts, it is recommended to deactivate this option.
docs/system-admin-guide/users-permissions/users/README.md
+4 -4
View File
@@ -112,7 +112,7 @@ Please note: this only works for users who haven't logged in yet. If the user is
## Manage user settings
You can manage individual user details if you click on the user name in the list. These settings will overwrite the individual user's settings set in their **My Account** settings.
You can manage individual user details if you click on the user name in the list. These settings will overwrite the individual user's settings set in their **Account settings**.
### General settings
@@ -168,11 +168,11 @@ On the **Global roles** tab, select or de-select the global role(s) for this use
### Notification settings
Under **Notification settings** tab you can edit the [notification settings](../../../user-guide/notifications/notification-settings/) for the user. Each user can adjust these settings under [My account](../../../user-guide/my-account) on their own.
Under **Notification settings** tab you can edit the [notification settings](../../../user-guide/notifications/notification-settings/) for the user. Each user can adjust these settings under [Account settings](../../../user-guide/account-settings) on their own.
### Email reminders
Under **Email reminders** tab you can edit the [email reminders settings](../../../user-guide/my-account/#email-reminders). Each user can adjust these settings under [My account](../../../user-guide/my-account) on their own.
Under **Email reminders** tab you can edit the [email reminders settings](../../../user-guide/account-settings/#email-reminders). Each user can adjust these settings under [Account settings](../../../user-guide/account-settings) on their own.
### Rate history
@@ -225,7 +225,7 @@ Leave all fields blank. When the details are saved OpenProject will send an emai
Two [settings](../settings/#user-deletion) allow users to be deleted from the system:
* **User accounts deletable by admins** - if ticked, a **Delete** button is shown on the user details page.
* **Users allowed to delete their accounts** - if ticked, a **Delete account** menu entry is shown in the **My Account** page.
* **Users allowed to delete their accounts** - if ticked, a **Delete account** menu entry is shown in the **Account settings** page.
To delete another user's account open the [user list](#user-list). Click on the **user name** of the user which you want to delete. Click the **Delete** button at the top right.
docs/user-guide/my-account/README.md → docs/user-guide/account-settings/README.md
+51 -51
View File
@@ -6,53 +6,53 @@ description: Learn how to configure account settings.
keywords: my account, account settings, change language
---
# My account
# Account settings
Change your personal settings in My account. Here you can adapt, e.g. the language, edit notifications, or add an avatar. Moreover you can manage access tokens and sessions.
Change your personal settings un der Account settings (earlier called My account). Here you can adapt, e.g. the language, edit notifications, or add an avatar. Moreover you can manage access tokens and sessions.
| Topic | Content |
|-----------------------------------------------------------------------------------------------| ------------------------------------------------------------ |
| [Open My account settings](#open-my-account-settings) | How to open your personal settings in OpenProject |
| [Edit your user information](#edit-your-user-information) | How to change the name or email address in OpenProject |
| Topic | Content |
| ------------------------------------------------------------ | ------------------------------------------------------------ |
| [Open account settings](#open-account-settings) | How to open your personal settings in OpenProject |
| [Edit your user information](#edit-your-user-information) | How to change the name or email address in OpenProject |
| [Profile settings: change your language, time zone or display of comments](#profile-settings) | How to change the language, time zone or display of comments in OpenProject |
| [Change password](#change-password) | How to change my password |
| [Two-factor authentication](#two-factor-authentication) | How to set up a two-factor authentication |
| [Access tokens](#access-tokens) | How to set up access tokens in OpenProject |
| [Session management](#sessions-management) | How to manage your OpenProject sessions |
| [Notifications settings](#notifications-settings) | How to change in-app notifications in OpenProject |
| [Email reminders](#email-reminders) | How to change email reminders sent by OpenProject |
| [Set an Avatar](#set-an-avatar) | How to set an avatar in OpenProject and change the profile picture |
| [Delete account](#delete-account) | How to delete my own account |
| [Change password](#change-password) | How to change my password |
| [Two-factor authentication](#two-factor-authentication) | How to set up a two-factor authentication |
| [Access tokens](#access-tokens) | How to set up access tokens in OpenProject |
| [Session management](#sessions-management) | How to manage your OpenProject sessions |
| [Notifications settings](#notifications-settings) | How to change in-app notifications in OpenProject |
| [Email reminders](#email-reminders) | How to change email reminders sent by OpenProject |
| [Set an Avatar](#set-an-avatar) | How to set an avatar in OpenProject and change the profile picture |
| [Delete account](#delete-account) | How to delete my own account |
## Open My account settings
## Open account settings
To open your personal settings in OpenProject, click on your user icon in the top right corner in the header of the application.
Choose **My account**.
Choose **Account settings**.
![my account profile information](openproject_open_my_account_page.png)
![Account settings in OpenProject](openproject_select_account_settings.png)
## Edit your user information
To change your email address or your name, navigate to **Profile** on the left side menu of **My account** page.
To change your email address or your name, navigate to **Profile** on the left side menu of **Account settings** page.
Here you can update the information and **save** your changes. If you're changing the email address of your account, you will be requested to confirm your account password before you can continue. (Note: This applies only to internal accounts where OpenProject can verify the password).
![openproject_my_account_profile](openproject_my_account_profile.png)
![Profile settings in OpenProject](openproject_account_settings_profile.png)
## Profile settings
Within the **Settings** on **My Account** page you can change the language of OpenProject, adapt the time zone, select which display mode you would like activate and change the order in which comments are displayed in the **Activity list** for work packages.
Within the **Settings** on **Account settings** page you can change the language of OpenProject, adapt the time zone, select which display mode you would like to activate and change the order in which comments are displayed in the **Activity list** for work packages.
Also, you can activate a **warning if you are leaving a work package with unsaved changes**.
Additionally, you can activate to **auto-hide success notifications** from the system. This (only) means that the green pop-up success notifications will be removed automatically after five seconds.
![OpenProject_my_account_page](openproject_my_account_page_settings.png)
![OpenProject personal account settings](openproject_account_settings_settings.png)
### Change your language
To change the language in OpenProject, navigate to the **My account** and choose the menu point **Settings**.
To change the language in OpenProject, navigate to the **Account settings** and choose the menu point **Settings**.
Here you can choose between multiple languages.
@@ -74,7 +74,7 @@ In the dropdown menu **Mode** you can pick the color mode. The default setting i
This mode is recommended for users with visuals impairment.
![High contrast mode in OpenProject](openproject_my_account_high_contrast_mode.png)
![High contrast mode in OpenProject account settings](openproject_account_settings_settings_light_high_contrast_mode.png)
### Select the dark mode
@@ -83,7 +83,7 @@ In the dropdown menu **Mode** you can pick the color mode. The default setting i
> [!NOTE]
> The dark mode ignores parts of the configured design. Top header and side menu colors are entirely overridden for this mode. Only the accent color and the primary button color are kept, but are calculated to brighter variants.
![Dark mode in OpenProject](openproject_my_account_dark_mode.png)
![Dark mode in OpenProject account settings](openproject_account_settings_dark_mode.png)
### Change the order to display comments
@@ -99,9 +99,9 @@ There are two personal settings available for the [Backlogs module](../../user-g
## Change password
In order to reset your password, navigate to **My account** and choose **Change password** in the menu.
In order to reset your password, navigate to **Account settings** and choose **Change password** in the menu.
![my account change password](openproject_my_account_change_password.png)
![Change password under account settings in OpenProject](openproject_account_settings_change_password.png)
Enter your current password.
@@ -114,13 +114,13 @@ Press the blue **Save** button in order to confirm the password changes.
## Two-factor authentication
In order to activate the two-factor authentication for your OpenProject installation, navigate to your **My account** and choose the **Two-factor authentication** in the menu. If you have not added any device yet, this list will be empty.
In order to activate the two-factor authentication for your OpenProject installation, navigate to your **Account settings** and choose the **Two-factor authentication** in the menu. If you have not added any device yet, this list will be empty.
![OpenProject my account two_factor authentication](openproject_my_account_two_factor_authentication.png)
![Two-factor authentication in OpenProject account settings](openproject_account_settings_two_factor_authentication.png)
If you have already registered one or multiple 2FA devices, you will see the list of all activated 2FA devices here. You can change, which of them you prefer to have set a a default option.
![List of all registered 2FA devices in OpenProject](openproject_my_account_2fa_overview.png)
![List of all registered 2FA devices in OpenProject](openproject_account_settings_2fa_overview.png)
In order to register a new device for two-factor authentication, click the green button to add a **new 2FA device** and select one of the options. The options you see will depend on what your system administrator has [activated for your instance](../../system-admin-guide/authentication/two-factor-authentication/):
@@ -128,7 +128,7 @@ In order to register a new device for two-factor authentication, click the green
- App-based authenticator
- WebAuthn
![OpenProject My Account Authentication Options](openproject_my_account_authentication_options.png)
![Authentication options under OpenProject account settings](openproject_account_settings_authentication_options.png)
To receive the second factor, you can use an authentication app on your mobile phone, such as Google Authenticator or Authy. You have to enter the code that is displayed in the authentication app to your login.
@@ -138,7 +138,7 @@ You can remove or approve 2FA applications by confirming your password. Note tha
You can use your mobile phone as a 2FA device. The field *Identifier* will be pre-filled out, you will need to add your phone number and click the green **Continue** button.
![Add a new mobile phone as a 2FA device in OpenProject](openproject_my_account_two_factor_authentication_mobile.png)
![Add a new mobile phone as a 2FA device in OpenProject](openproject_account_settings_two_factor_authentication_mobile.png)
### Use your app-based authenticator
@@ -148,13 +148,13 @@ Click the grey **Register device** button to register an authentication app. Ope
Click the green **Continue** button to finish the registration.
![openproject_my_account_authenticator_app](openproject_my_account_authenticator_app.png)
![openproject_my_account_authenticator_app](openproject_account_settings_authenticator_app.png)
### Use the WebAuth authentication
Use Web Authentication to register a FIDO2 device (like a YubiKey) or the secure enclave of your mobile device as a second factor. After you have chosen a name, you can click the green **Continue** button.
![OpenProject WebAuth authentication](openproject_my_account_authenticator_webauth.png)
![OpenProject WebAuth authentication](openproject_account_settings_authenticator_webauth.png)
Your browser will prompt you to present your WebAuthn device (depending on your operational system and your browser, your options may vary). When you have done so, you are done registering the device.
@@ -166,7 +166,7 @@ If you have created backup codes before, they will be invalidated and will no lo
## Access tokens
To view and manage your OpenProject access tokens navigate to **My account** and choose **Access tokens** from the menu.
To view and manage your OpenProject access tokens navigate to **Account settings** and choose **Access tokens** from the menu.
Access tokens allow you to grant external applications access to resources in OpenProject.
### API
@@ -175,22 +175,22 @@ API tokens allow third-party applications to communicate with this OpenProject i
You can enable an API token under [*Administration -> API and webhooks*](../../system-admin-guide/api-and-webhooks/).
![openproject_my_account_access_tokens](openproject_my_account_access_tokens_api.png)
![Access tokens in OpenProject account settings](openproject_account_settings_access_tokens_api.png)
### iCalendar
iCalendar tokens allow users to subscribe to OpenProject calendars and view up-to-date work package information from external clients.
This list will be empty if you have no calendar subscriptions yet. Once you [subscribe to a calendar](../../user-guide/calendar/#subscribe-to-a-calendar), a list of all the calendars that you have subscribed to will appear here. The name of the calendar is clickable and will lead you directly to the respective calendar in OpenProject.
![OpenProject calendar list under my account](openproject_my_account_access_tokens_calendar_list.png)
![OpenProject calendar list under account settings](openproject_account_settings_access_tokens_calendar_list.png)
You can delete an entry in the iCalendar list by clicking on the **Delete** icon. This will trigger a warning message asking you to confirm the decision to delete. By deleting this token you will no longer have access to OpenProject information in all the linked clients using this token.
![OpenProject delete calendar in My Account](openproject_my_account_access_tokens_delete_calendar.png)
![OpenProject delete calendar under account settings](openproject_account_settings_access_tokens_delete_calendar.png)
You will then see a message informing you that the the token und the iCal URL are now invalid.
![OpenProject calendar access token is invalid](openproject_my_account_access_tokens_calendar_invalid.png)
![OpenProject calendar access token is invalid](openproject_account_settings_access_tokens_calendar_invalid.png)
### OAUTH
@@ -198,7 +198,7 @@ OAuth tokens allow third-party applications to connect with this OpenProject ins
If no third-party application integration has been activated yet, this list will be empty. Please contact your administrator to help you set it up. Once an integration has been set up, you will see the details here and will be able to delete any OAuth tokens by clicking on the **Delete** icon.
![OpenProject OAuth tokens under My Account](openproject_my_account_access_tokens_oauth.png)
![OpenProject OAuth tokens under My Account](openproject_account_settings_access_tokens_oauth.png)
### RSS
@@ -209,13 +209,13 @@ Create a new token by clicking the **+RSS token** button. This will create your
> [!IMPORTANT]
> You will only be able to see the RSS access token once, directly after you create it. Make sure to copy it.
![OpenProject RSS token](openproject_my_account_access_tokens_rss.png)
![OpenProject RSS token](openproject_account_settings_access_tokens_rss.png)
## Sessions management
To view and manage your OpenProject sessions navigate to **My account** and choose **Sessions management** from the menu.
To view and manage your OpenProject sessions navigate to **Account settings** and choose **Sessions management** from the menu.
![openproject_my_account_sessions_management](openproject_my_account_sessions_management.png)
![Sessions management in OpenProject account settings](openproject_account_settings_sessions_management.png)
- **Current sessions**: here you can see all of your sessions. If for example you are logged into OpenProject from different browsers or devices, all will be shown in the list. Current session is the one you are currently using. You can terminate the sessions that are no longer in use. Inactive sessions will be removed from the list after 7 days (depending on the authentication settings they may become invalid earlier).
- **Remembered devices**: here you can see a list of all devices that you are logged into using the "Stay logged in" option. You will have selected that option when [logging in](../../getting-started/sign-in-registration/). Whether or not that option is available and the duration of time for which you can stay logged in depends on the authentication settings of your instance.
@@ -225,9 +225,9 @@ To view and manage your OpenProject sessions navigate to **My account** and choo
## Notifications settings
To configure the notification settings which you receive from the system, navigate to **My account** and choose **Notifications settings** in the menu.
To configure the notification settings which you receive from the system, navigate to **Account settings** and choose **Notifications settings** in the menu.
![openproject_my_account_notifications](openproject_my_account_notifications.png)
![Notification settings in OpenProject account settings](openproject_account_settings_notification_settings.png)
In-app notifications can be configured and customized various ways. For a detailed guide, [click here](../../user-guide/notifications/notification-settings/).
@@ -235,9 +235,9 @@ Please also see our detailed [in-app notifications](../../user-guide/notificatio
## Email reminders
To configure the email reminders which you receive from the system, navigate to **My account** and choose **Email reminders** in the menu. Your system administrator can also set them for you or change the global default settings.
To configure the email reminders which you receive from the system, navigate to **Account settings** and choose **Email reminders** in the menu. Your system administrator can also set them for you or change the global default settings.
![openproject_my_account_email_reminders](openproject_my_account_email_reminders.png)
![Email reminders in OpenProject account settings](openproject_account_settings_email_reminders.png)
You can choose between several email reminders.
@@ -261,9 +261,9 @@ You can also opt-in to receive **email alerts for other items (that are not work
## Set an avatar
To change your profile picture in OpenProject you can set an avatar in your **My account** settings. Navigate to **Avatar** in the menu.
To change your profile picture in OpenProject you can set an avatar in your **Account settings** settings. Navigate to **Avatar** in the menu.
![openproject_my_account_avatar](openproject_my_account_avatar.png)
![Set avatar in OpenProject account settings](openproject_account_settings_avatar.png)
OpenProject uses Gravatar as default profile image. It displays a preview of your avatar.
@@ -274,13 +274,13 @@ Also, you can upload a **Custom Avatar** by choosing a Avatar to be uploaded fro
## Delete account
You can delete your own account in **My account**.
You can delete your own account in **Account settings**.
To delete your account, select **Delete account** from the side menu and enter your login to confirm the deletion.
![openproject_my_account_delete_account](openproject_my_account_delete_account.png)
![Delete account under OpenProject account settings](openproject_account_settings_delete_account.png)
> [!WARNING]
> Deleting a user account is permanent and cannot be reversed.
If you cannot see the entry **Delete account** in the **My account** side menu, make sure the option "Users allowed to delete their account" is [activated in the administration](../../system-admin-guide/users-permissions/settings/#user-deletion).
If you cannot see the entry **Delete account** in the **Account settings** side menu, make sure the option "Users allowed to delete their account" is [activated in the administration](../../system-admin-guide/users-permissions/settings/#user-deletion).
docs/user-guide/my-account/openproject_my_account_2fa_overview.png → docs/user-guide/account-settings/openproject_account_settings_2fa_overview.png
View File
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 46 KiB

docs/user-guide/account-settings/openproject_account_settings_access_tokens_api.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

docs/user-guide/account-settings/openproject_account_settings_access_tokens_calendar_invalid.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 70 KiB

docs/user-guide/account-settings/openproject_account_settings_access_tokens_calendar_list.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

docs/user-guide/account-settings/openproject_account_settings_access_tokens_delete_calendar.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

docs/user-guide/my-account/openproject_my_account_access_tokens_oauth.png → docs/user-guide/account-settings/openproject_account_settings_access_tokens_oauth.png
View File
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 27 KiB

After

Width:  |  Height:  |  Size: 27 KiB

docs/user-guide/my-account/openproject_my_account_access_tokens_rss.png → docs/user-guide/account-settings/openproject_account_settings_access_tokens_rss.png
View File
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 15 KiB

After

Width:  |  Height:  |  Size: 15 KiB

docs/user-guide/account-settings/openproject_account_settings_authentication_options.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

docs/user-guide/my-account/openproject_my_account_authenticator_app.png → docs/user-guide/account-settings/openproject_account_settings_authenticator_app.png
View File
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 56 KiB

After

Width:  |  Height:  |  Size: 56 KiB

docs/user-guide/account-settings/openproject_account_settings_authenticator_webauth.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

docs/user-guide/account-settings/openproject_account_settings_avatar.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

docs/user-guide/account-settings/openproject_account_settings_change_password.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

docs/user-guide/account-settings/openproject_account_settings_dark_mode.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 117 KiB

docs/user-guide/account-settings/openproject_account_settings_delete_account.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 61 KiB

docs/user-guide/account-settings/openproject_account_settings_email_reminders.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 114 KiB

docs/user-guide/account-settings/openproject_account_settings_notification_settings.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 128 KiB

docs/user-guide/account-settings/openproject_account_settings_profile.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

docs/user-guide/account-settings/openproject_account_settings_sessions_management.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

docs/user-guide/account-settings/openproject_account_settings_settings.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 78 KiB

docs/user-guide/account-settings/openproject_account_settings_settings_light_high_contrast_mode.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

docs/user-guide/account-settings/openproject_account_settings_two_factor_authentication.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 130 KiB

docs/user-guide/account-settings/openproject_account_settings_two_factor_authentication_mobile.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 51 KiB

docs/user-guide/account-settings/openproject_select_account_settings.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 175 KiB

docs/user-guide/backlogs-scrum/backlogs-faq/README.md
+1 -1
View File
@@ -30,4 +30,4 @@ Please try these approaches:
## How can I change the user's colors in the task board?
The colors can be changed in each user's personal settings: Please click on your avatar, then navigate to *My account ->Settings ->Backlogs*. There you can change the task color.
The colors can be changed in each user's personal settings: Please click on your avatar, then navigate to *Account settings ->Settings ->Backlogs*. There you can change the task color.
docs/user-guide/backlogs-scrum/taskboard/README.md
+4 -4
View File
@@ -35,10 +35,10 @@ On the very top of the table, sprint impediments are documented and assigned to
The task colors are different for every team member, making it easy to associate tasks with their respective assignees.
## Configure Backlogs settings under My Account
## Configure Backlogs settings under Account settings
If needed, the coloring can be adjusted in the personal user account settings (-> *My Account*). Use hex codes to specify the desired color.
If needed, the coloring can be adjusted in the personal user account settings. Use hex codes to specify the desired color.
![User-guide-task-color](User-guide-task-color.png)
![Set task color under Account settings in OpenProject](openproject_user_guide_backlogs_set_task_color.png)
Here, you can also specify whether the versions in the Backlogs view should be displayed folded. You can choose whether backlogs are to be displayed folded or collapsed by default. In *My account*, select *Settings* from the side menu and check or uncheck the respective box next to the field *Show versions folded*.
Here, you can also specify whether the versions in the Backlogs view should be displayed folded. You can choose whether backlogs are to be displayed folded or collapsed by default. Under *Account settings*, select *Settings* from the side menu and check or uncheck the respective box next to the field *Show versions folded*.
docs/user-guide/backlogs-scrum/taskboard/User-guide-task-color.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 42 KiB

docs/user-guide/backlogs-scrum/taskboard/openproject_user_guide_backlogs_set_task_color.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

docs/user-guide/calendar/README.md
+1 -1
View File
@@ -110,7 +110,7 @@ To subscribe to a calendar:
1. Click on the **\[⋮\] (more) button** on the toolbar and select **Subscribe to calendar**.
2. In the modal that appears, give this calendar a unique name (you can only use it once). We recommend naming it based on where you will be subscribing to this calendar from ("personal phone" or "work tablet" for example).
3. Click on **Copy URL**. This creates the a [calendar token](../../user-guide/my-account/#access-tokens) and copies the calendar URL to your clipboard.
3. Click on **Copy URL**. This creates the a [calendar token](../../user-guide/account-settings/#access-tokens) and copies the calendar URL to your clipboard.
4. Paste this URL in your desired calendar client to subscribe.
![Subscribe to calendar modal](subscribeToCalendar-modal.png)
docs/user-guide/forums/Forum-message-reply.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

docs/user-guide/forums/Forum-unwatch.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 38 KiB

docs/user-guide/forums/Forum-watcher.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 37 KiB

docs/user-guide/forums/Forum_add-message.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 30 KiB

docs/user-guide/forums/Forum_delete-message.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 24 KiB

docs/user-guide/forums/Forum_edit-message.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 24 KiB

docs/user-guide/forums/Forum_watch-message.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 54 KiB

docs/user-guide/forums/README.md
+3 -4
View File
@@ -78,8 +78,7 @@ The **new forum message has been created**.
![New forum message in OpenProject](openproject_user_guide_forums_new_message_created.png)
> [!TIP]
>
> [!TIP]
> Changes you made are saved locally. If you navigated away from page or could not save your changes due to a technical difficulty, you can access latest changes via the editor toolbar.
![Locally saved draft in OpenProject forum message](openproject_user_guide_forums_draft_saved_locally.png)
@@ -108,7 +107,7 @@ You will get a list of all messages within this forum.
Click the **Watch** icon in the top right corner of the forum.
You will then be notified via e-mail according to your [e-mail notifications](../../user-guide/my-account/#notifications-settings) about new messages and replies in a forum.
You will then be notified via e-mail according to your [e-mail notifications](../../user-guide/account-settings/#notifications-settings) about new messages and replies in a forum.
![Watch a forum in OpenProject](openproject_user_guide_forums_watch.png)
@@ -146,4 +145,4 @@ The message details will then be opened. You can make your changes and click th
To **delete a message in a forum**, select the message which you want to delete and press the **Delete** button in the top right corner of the message details.
![Delete a forum message in OpenProject](openproject_user_guide_forums_delete_message.png)
![Delete a forum message in OpenProject](openproject_user_guide_forums_delete_message.png)
docs/user-guide/forums/User-guide-create-new-forum.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 38 KiB

docs/user-guide/forums/User-guide-manage-forums.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 36 KiB

docs/user-guide/forums/image-20191119100717879.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 36 KiB

docs/user-guide/forums/image-20191119102209845.png
BIN
View File
Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 73 KiB

Some files were not shown because too many files have changed in this diff Show More