time list / time log return Permission denied while equivalent raw API calls work #123

Description

@kujhawk94

Summary

redmine time list returns Permission denied, but equivalent raw API calls through redmine api work with the same profile/API key. Possibly related time log commands also result in Permission denied errors, but the same user works via the web interface.

Environment

  • Redmine CLI auth method: API key
  • Redmine user: admin user

What happened

This command fails:

redmine time list --issue <issue-id> --limit 0 -o json

Output:

{
  "error": {
    "message": "Permission denied: you don't have the required permissions for this action. Check your Redmine role permissions or contact your administrator.",
    "code": "forbidden"
  }
}

Creating a time entry also fails:

redmine time log --issue <issue-id> --date 2026-05-19 --hours 0.28 --activity <activity-name> --comment "test" -o json

With the same permission error.

Why this looks unexpected

The same profile can read the issue:

redmine issues get <issue-id> -o json

The same profile can read the current user through the raw API:

redmine api /users/current.json -o json

The user is an admin, and is also a project member with a role that has time-tracking permissions.

The project has time tracking enabled:

redmine projects get <project-id-or-identifier> --include enabled_modules -o json

The role includes these permissions:

  • log_time
  • view_time_entries
  • edit_time_entries
  • edit_own_time_entries
  • manage_project_activities

After creating time entries manually in the Redmine UI, the raw API can list them successfully:

redmine api /time_entries.json -f issue_id=<issue-id> -f limit=100 -o json

That returns the expected entries.

The issue also reports the expected spent time:

redmine api /issues/<issue-id>.json -f include=journals -o json

Response includes:

"spent_hours": 0.53,
"total_spent_hours": 0.53

Possible clue

redmine projects get <project-id-or-identifier> --include time_entry_activities -o json reports the project activities as inactive:

"time_entry_activities": [
  {
    "id": 1,
    "name": "Example Activity",
    "is_default": false,
    "active": false
  }
]

But the global activity enumeration reports the same activity as active:

redmine api /enumerations/time_entry_activities.json -o json

{
  "id": 1,
  "name": "Example Activity",
  "active": true,
  "is_default": false
}

The Redmine UI still allowed creating time entries with that activity, and the raw API can read those entries afterward.

Expected behavior

If this works with the same auth profile:

redmine api /time_entries.json -f issue_id=<issue-id> -f limit=100 -o json

Then I would expect this to list the same entries:

redmine time list --issue <issue-id> --limit 0 -o json

Similarly, if the UI can create the time entry and the user has log_time, I would expect this command to either create the entry or return the underlying Redmine validation error rather than a generic permission error:

redmine time log --issue <issue-id> --date 2026-05-19 --hours 0.28 --activity <activity-name> --comment "test" -o json
