Patch #24623

Implements permissions and restrictions to issue attachments

Added by Frederico Camara 12 months ago. Updated 8 months ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Attachments
Target version: -

Description

If anyone could help implement the test cases, I think this would be a great feature to Redmine.

Test applying the patch from Redmine directory:

patch --dry-run -p1 < atta.version

Then apply:

patch -p1 < atta.version

Patches added to redmine 3.1/3.2, 3.3 and current master.

Patch details:

Permissions:
  • lib/redmine.rb
Permission to view/delete:
  • app/models/issue.rb
  • app/models/journal.rb
  • app/views/issues/show.api.rsb
  • app/views/issues/show.html.erb
  • lib/redmine/export/pdf/issues_pdf_helper.rb
  • lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb
Permission to edit (add):
  • app/views/issues/new.html.erb
  • app/views/issues/_edit.html.erb
Permission to copy (view from, edit to):
  • app/controllers/issues_controller.rb
  • app/models/issue.rb
Mailer restrictions:
  • app/models/mailer.rb
  • app/views/mailer/_issue.html.erb
  • app/views/mailer/_issue.text.erb
Translation:
  • config/locales/en.yml
  • config/locales/pt-BR.yml
Migration:
  • db/migrate/20161215142110_add_attachments_permissions.rb

atta.3.2 - Redmine 3.2-stable (works with 3.1) (14.5 KB) Frederico Camara, 2016-12-15 19:28

atta.3.3 - Redmine 3.3-stable (14.7 KB) Frederico Camara, 2016-12-15 19:28

atta.master - Redmine (master) (14.8 KB) Frederico Camara, 2016-12-15 19:28

img-2017-03-28-12-12-22.png (31.5 KB) Ilya Ternovoy, 2017-03-28 11:16

img-2017-03-28-12-15-45.png (59.3 KB) Ilya Ternovoy, 2017-03-28 11:16

img-2017-03-28-15-42-51.png (60.5 KB) Ilya Ternovoy, 2017-03-28 14:48

Captura de tela de 2017-04-25 11-45-32.png - Issue Permissions (49.6 KB) Frederico Camara, 2017-04-25 17:00


Related issues

Duplicates Redmine - Feature #4362: Permissions on attachments New 2009-12-08
Duplicates Redmine - Feature #9358: Issue attachment permissions New 2011-09-30
Duplicates Redmine - Feature #21562: Add a permission to prevent user delete issues attachments. New

History

#1 Updated by Frederico Camara 12 months ago

To migrate db and restart Rails:

touch tmp/restart.txt;RAILS_ENV=production bundle exec rake db:migrate

#2 Updated by Frederico Camara 12 months ago

I think it's related to:

Feature #9358 - Issue attachment permissions
Feature #4362 - Permissions on attachments
Feature #21562 - Add a permission to prevent user delete issues attachments

#3 Updated by Marius BALTEANU 12 months ago

To increase the chances of having this patch taken into account, you should add tests to it.

#4 Updated by Mischa The Evil 12 months ago

#5 Updated by Mischa The Evil 12 months ago

#6 Updated by Mischa The Evil 12 months ago

  • Duplicates Feature #21562: Add a permission to prevent user delete issues attachments. added

#7 Updated by Go MAEDA 12 months ago

  • Category set to Attachments

#8 Updated by Go MAEDA 12 months ago

This patch introduces 3 permissions as follows.

  • :view_attachments
  • :edit_permission
  • :delete_attachments

Frederico Camara, thank you for posting this useful patch. Could you add tests?

#9 Updated by Frederico Camara 12 months ago

Go MAEDA wrote:

This patch introduces 3 permissions as follows.

  • :view_attachments
  • :edit_permission
  • :delete_attachments

Frederico Camara, thank you for posting this useful patch. Could you add tests?

I will try to, but I'm somewhat new to Ruby/Rails and I don't know how to make tests. At least the Patch Details on the description lists which tests have to be made. This may take a while.

PS: I said it in the first line of the Description :-)

#10 Updated by James Lai 11 months ago

Go MAEDA wrote:

This patch introduces 3 permissions as follows.

  • :view_attachments
  • :edit_permission
  • :delete_attachments

Frederico Camara, thank you for posting this useful patch. Could you add tests?

I found a problem: when I log in with an LDAP account (AD), it shows "Internal error"; if I use a built-in account to log in, it works normally.
My Redmine version is below:
Environment:
Redmine version 3.3.1.stable
Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter PostgreSQL

#11 Updated by Frederico Camara 11 months ago

James Lai wrote

I found a problem: when I log in with an LDAP account (AD), it shows "Internal error"; if I use a built-in account to log in, it works normally.
My Redmine version is below:
Environment:
Redmine version 3.3.1.stable
Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter PostgreSQL

Could you post the error log for the internal error you are receiving? It could be caused by a plugin, or by a bug in my code, I don't know.

I use ldap login at work, but I think someone implemented some restriction for my development environment. I don't think it can still reach the ldap server, I'll try it later.

Thank you.

#12 Updated by James Lai 11 months ago

Frederico Camara wrote:

James Lai wrote

I found a problem: when I log in with an LDAP account (AD), it shows "Internal error"; if I use a built-in account to log in, it works normally.
My Redmine version is below:
Environment:
Redmine version 3.3.1.stable
Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux]
Rails version 4.2.7.1
Environment production
Database adapter PostgreSQL

Could you post the error log for the internal error you are receiving? It could be caused by a plugin, or by a bug in my code, I don't know.

I use ldap login at work, but I think someone implemented some restriction for my development environment. I don't think it can still reach the ldap server, I'll try it later.

Thank you.

I've resolved it now; the cause was the permissions of some files (production log and tmp/ldapcatche). Thank you.

#13 Updated by James Lai 11 months ago

Hello Frederico, when I apply atta.3.3 through "patch --dry-run -p1 < atta.3.3", I get the error below:

checking file app/controllers/issues_controller.rb
Hunk #1 FAILED at 136 (different line endings).
Hunk #2 FAILED at 474 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/issue.rb
Hunk #1 FAILED at 43 (different line endings).
Hunk #2 FAILED at 265 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/journal.rb
Hunk #1 FAILED at 74 (different line endings).
1 out of 1 hunk FAILED

So I have to change it manually.

#14 Updated by Frederico Camara 11 months ago

James Lai wrote:

Hello Frederico, when I apply atta.3.3 through "patch --dry-run -p1 < atta.3.3", I get the error below:

checking file app/controllers/issues_controller.rb
Hunk #1 FAILED at 136 (different line endings).
Hunk #2 FAILED at 474 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/issue.rb
Hunk #1 FAILED at 43 (different line endings).
Hunk #2 FAILED at 265 (different line endings).
2 out of 2 hunks FAILED
checking file app/models/journal.rb
Hunk #1 FAILED at 74 (different line endings).
1 out of 1 hunk FAILED

So I have to change it manually.

You probably use Windows. Windows and Linux use different characters for line endings. Unless you use an editor that respects that, you can unknowingly change the end of line characters of the files or of the patch file, and patch will fail. Maybe you'll have to sed end of line characters or use unix2dos/dos2unix.

Tip: Google for "patch different line endings".

#15 Updated by James Lai 11 months ago

Hello, Frederico,
I have tested again, using CentOS 7 (CentOS Linux release 7.3.1611 (Core)) and Redmine version 3.3.2; in the Redmine path I ran "patch --dry-run -p1 < atta.3.3", and the same error appears.

#16 Updated by Frederico Camara 11 months ago

James Lai wrote:

Hello, Frederico,
I have tested again, using CentOS 7 (CentOS Linux release 7.3.1611 (Core)) and Redmine version 3.3.2; in the Redmine path I ran "patch --dry-run -p1 < atta.3.3", and the same error appears.

Maybe there's something different with the Redmine package you're using. Try this: in the Redmine directory, issue these two commands:

cat -et atta.3.3 | head
cat -et app/models/journal.rb | head

cat -et exposes the end of line characters, head shows only the beginning of the file. You should see some difference at the end of each line between the two files. If you do, my guess is you're using Redmine packaged using Windows. I installed Redmine using git, but I know the Redmine community uses something else. The end of line character does not make any difference for Ruby, but it does for patch.

You can probably solve it using dos2unix:

find . -type f -exec dos2unix {} \;

Patch should work then.
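
The line-ending comparison described in the comment above, as an added example that is not part of the thread or of the patch. The function names and the sample file `atta.sample` are assumptions; target paths are read from the patch's `+++` lines with one leading component removed, matching `-p1`.

```shell
#!/bin/sh
# Added example, not from the thread. Compares the line endings of a patch's
# hunk lines with those of the files it targets, before running patch(1).

# eol_style: read stdin, print crlf | lf | mixed | empty
eol_style() {
    awk '{ n++; if (/\r$/) c++ }
         END { if (!n) print "empty"; else if (c == n) print "crlf";
               else if (!c) print "lf"; else print "mixed" }'
}

# patch_eol PATCH: style of the hunk body lines only (file headers skipped)
patch_eol() {
    grep '^[-+ ]' "$1" | grep -v -e '^--- ' -e '^+++ ' | eol_style
}

# patch_targets PATCH: target paths with one leading component removed (-p1)
patch_targets() {
    tr -d '\r' < "$1" | sed -n 's|^+++ [^/]*/\([^[:space:]]*\).*|\1|p'
}

# check_patch_eol PATCH [ROOT]: list mismatching files; return 1 if any.
# Paths containing whitespace are not handled.
check_patch_eol() {
    patchfile=$1; root=${2:-.}; status=0
    want=$(patch_eol "$patchfile")
    for f in $(patch_targets "$patchfile"); do
        [ -f "$root/$f" ] || continue          # new file: nothing to compare
        have=$(eol_style < "$root/$f")
        if [ "$have" != "$want" ]; then
            echo "$f: file=$have patch=$want"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: an LF patch against a CRLF copy of the target file.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/app/models"
    printf 'class Journal\r\nend\r\n' > "$d/app/models/journal.rb"
    printf '%s\n' '--- a/app/models/journal.rb' '+++ b/app/models/journal.rb' \
        '@@ -1,2 +1,3 @@' ' class Journal' '+  # constructed line' ' end' > "$d/atta.sample"
    rc=0; check_patch_eol "$d/atta.sample" "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Running `check_patch_eol atta.3.3 .` from the Redmine directory before `patch --dry-run` lists only the files whose endings differ from the patch, so the conversion can be limited to those files.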

#17 Updated by James Lai 11 months ago

Hello, Frederico,
Thank you very much. Now I used redmine-3.3.2.tar.gz to install, and the patch succeeded.

#18 Updated by Toshi MARUYAMA 11 months ago

Frederico Camara wrote:

Go MAEDA wrote:

This patch introduces 3 permissions as follows.

  • :view_attachments
  • :edit_permission
  • :delete_attachments

Frederico Camara, thank you for posting this useful patch. Could you add tests?

I will try to, but I'm somewhat new to Ruby/Rails and I don't know how to make tests.

You can see examples.
source:trunk/test

#19 Updated by Ricky Liu 9 months ago

Good patch, thank you very much!
Works with redmine-3.3 stable and LDAP fine.

#20 Updated by Ilya Ternovoy 9 months ago

I have installed the patch and made the database migration successfully. But it seems there are no changes on the role permission page. Where are those settings?

Environment:
CentOS Linux release 7.2.1511 (Core)
Redmine version 3.3.0.stable
Ruby version 2.0.0-p598 (2014-11-13) [x86_64-linux]
Rails version 4.2.6
Redmine plugins:
clipboard_image_paste 1.6a
redmine_agile 1.4.1
redmine_ldap_sync 2.0.8.devel.g341b902df1
sidebar_hide 0.0.2

#21 Updated by Ilya Ternovoy 9 months ago

Ilya Ternovoy wrote:

I have installed the patch and made the database migration successfully. But it seems there are no changes on the role permission page. Where are those settings?

Environment:
CentOS Linux release 7.2.1511 (Core)
Redmine version 3.3.0.stable
Ruby version 2.0.0-p598 (2014-11-13) [x86_64-linux]
Rails version 4.2.6
Redmine plugins:
clipboard_image_paste 1.6a
redmine_agile 1.4.1
redmine_ldap_sync 2.0.8.devel.g341b902df1
sidebar_hide 0.0.2

I rebooted the server and now the attachment settings are available on the "role and permissions" page. But the "Delete attachments" checkbox has no effect. I mean, even if I uncheck it, the user can delete an attachment anyway. Should I uncheck any other checkboxes to forbid a user from deleting an attachment? The current permission screen is in the attachment.

#22 Updated by Ilya Ternovoy 9 months ago

Ilya Ternovoy wrote:

I rebooted the server and now the attachment settings are available on the "role and permissions" page. But the "Delete attachments" checkbox has no effect. I mean, even if I uncheck it, the user can delete an attachment anyway. Should I uncheck any other checkboxes to forbid a user from deleting an attachment? The current permission screen is in the attachment.

Patch works great!) It seems I have the attachment delete button because I am an admin, in spite of my role on the project. Users who are not admins do not see the delete button now! Thanks!

#23 Updated by Frederico Camara 9 months ago

Ilya Ternovoy wrote:

Ilya Ternovoy wrote:

I rebooted the server and now the attachment settings are available on the "role and permissions" page. But the "Delete attachments" checkbox has no effect. I mean, even if I uncheck it, the user can delete an attachment anyway. Should I uncheck any other checkboxes to forbid a user from deleting an attachment? The current permission screen is in the attachment.

Patch works great!) It seems I have the attachment delete button because I am an admin, in spite of my role on the project. Users who are not admins do not see the delete button now! Thanks!

You're welcome.

Admins are so powerful, I am usually logged in as a normal user in a normal browser window, and as admin in a separate private browser window.

#24 Updated by James Lai 8 months ago

Hello, Frederico,
Your patch is very useful, and I am wondering how to implement an attachment upload permission for the Documents module. Do you have any idea? Thank you!

#25 Updated by Frederico Camara 8 months ago

James Lai wrote:

Hello, Frederico,
Your patch is very useful, and I am wondering how to implement an attachment upload permission for the Documents module. Do you have any idea? Thank you!

The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.

#26 Updated by James Lai 8 months ago

Frederico Camara wrote:

James Lai wrote:

Hello, Frederico,
Your patch is very useful, and I am wondering how to implement an attachment upload permission for the Documents module. Do you have any idea? Thank you!

The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.

What I mean is: can I control the permission for a user to upload attachments? For example, a developer or reporter can add a document but cannot upload attachments; only a manager can add a document and upload attachments.

#27 Updated by Frederico Camara 8 months ago

James Lai wrote:

Frederico Camara wrote:

James Lai wrote:

Hello, Frederico,
Your patch is very useful, and I am wondering how to implement an attachment upload permission for the Documents module. Do you have any idea? Thank you!

The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.

What I mean is: can I control the permission for a user to upload attachments? For example, a developer or reporter can add a document but cannot upload attachments; only a manager can add a document and upload attachments.

I don't think I understand what you're trying to say. What I meant is that permissions for Documents are independent of permissions for Issue attachments. See the edited screencapture I made "Issue Permissions" (attached).

#28 Updated by James Lai 8 months ago

Frederico Camara wrote:

James Lai wrote:

Frederico Camara wrote:

James Lai wrote:

Hello, Frederico,
Your patch is very useful, and I am wondering how to implement an attachment upload permission for the Documents module. Do you have any idea? Thank you!

The redmine Documents module has its own permissions. They are grouped under Documents in Administration > Roles and Permissions.

What I mean is: can I control the permission for a user to upload attachments? For example, a developer or reporter can add a document but cannot upload attachments; only a manager can add a document and upload attachments.

I don't think I understand what you're trying to say. What I meant is that permissions for Documents are independent of permissions for Issue attachments. See the edited screencapture I made "Issue Permissions" (attached).

Thank you very much.
