subclassing issues_controller in a plugin getting 403 error now

Added by Blake Bigelow over 11 years ago

About your application's environment
Ruby version 1.8.6 (universal-darwin9.0)
RubyGems version 1.3.1
Rails version 2.1.2
Active Record version 2.1.2
Action Pack version 2.1.2
Active Resource version 2.1.2
Action Mailer version 2.1.2
Active Support version 2.1.2
Application root /Users/bbigelow/redmine-0.8
Environment development
Database adapter mysql
Database schema version 101

I am creating a plugin to implement subtasking issues and am trying to override the index action on the issues_controller. I put in the route

map.connect 'projects/:project_id/issues/:action', :controller => 'subtasking_issues'

to override the default route to issues_controller and then created the following class

class SubtaskingIssuesController < IssuesController
  unloadable

  def index
    retrieve_query
    sort_init 'id', 'desc'
    sort_update({'id' => "#{Issue.table_name}.id"}.merge(@query.columns.inject({}) {|h, c| h[c.name.to_s] = c.sortable; h}))

    if @query.valid?
      limit = per_page_option
      respond_to do |format|
        format.html { }
        format.atom { }
        format.csv  { limit = Setting.issues_export_limit.to_i }
        format.pdf  { limit = Setting.issues_export_limit.to_i }
      end
      # Leading space keeps the appended clause separate from the end of the query statement
      statement = @query.statement + " and #{Issue.table_name}.parent_id is null"
      @issue_count = Issue.count(:include => [:status, :project], :conditions => statement)
      @issue_pages = Paginator.new self, @issue_count, limit, params['page']
      @issues = Issue.find :all, :order => sort_clause,
                           :include => [ :assigned_to, :status, :tracker, :project, :priority, :category, :fixed_version ],
                           :conditions => statement,
                           :limit  =>  limit,
                           :offset =>  @issue_pages.current.offset
      respond_to do |format|
        format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
        format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
        format.csv  { send_data(issues_to_csv(@issues, @project).read, :type => 'text/csv; header=present', :filename => 'export.csv') }
        format.pdf  { send_data(issues_to_pdf(@issues, @project), :type => 'application/pdf', :filename => 'export.pdf') }
      end
    else
      # Send html if the query is not valid
      render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end
end

The routing override works, but whenever I route through my subclassed controller I get

403

You are not authorized to access this page.

Do I need to redefine the before_filters or something along those lines? Any help would be great.

Replies (5)

RE: subclassing issues_controller in a plugin getting 403 error now - Added by Blake Bigelow over 11 years ago

I found what is causing the 403 error, but cannot think of a good way to solve it. The before_filter find_optional_project makes the following call that returns false:

allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @project, :global => true)

The simple fix is to replace params[:controller] with 'issues', but I'm looking for a better way to write that out.

RE: subclassing issues_controller in a plugin getting 403 error now - Added by Eric Davis over 11 years ago

> The simple fix is to replace params[:controller] with 'issues', but I'm looking for a better way to write that out.

I can't think of a better way right now. I would wrap find_optional_project in your controller so you don't have to override params[:controller] all over:

def find_optional_project
  params[:controller] = 'issues'
  super
end

Eric

RE: subclassing issues_controller in a plugin getting 403 error now - Added by Blake Bigelow over 11 years ago

Thanks for that tip. After a bit of tinkering and reading through the plugin tutorial some more, I think I figured out the preferred way for me.

In the init.rb file I put in:

project_module :issue_tracking do
    permission :view_issues_subtasking, :subtasking_issues => :index
end

This adds in the permissions to the permissions report so you don't get the 403 error. After I got that figured out I realized I only needed to really override the one controller action so I edited the routes.rb file in my plugin to contain this line:

connect 'projects/:project_id/issues', :controller => 'subtasking_issues'

This way the only thing going through my subclassed controller is the index action and the rest goes through the normal issues_controller.

So far, this seems to be working well, and is keeping with my goal of not mucking with the application source code so that updating will not be a large chore.

RE: subclassing issues_controller in a plugin getting 403 error now - Added by Chiara Canavera over 11 years ago

Sorry, but I'm having the same problem as you...
Can you summarize what your class looks like and which configs you have added and where? I can't reconstruct what you've done to resolve the issue...

RE: subclassing issues_controller in a plugin getting 403 error now - Added by Blake Bigelow over 11 years ago

One thing I always forget to do is to go and actually assign the users with the permissions. That would be the first thing to check. Next make sure any other links you have in your views that you're overriding use the full <%= link_to issue.id, :controller => 'issues', :action => 'show', :id => issue %> setup and send the link back through the original controller. Other than that I'd need more info about what you have.
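
A simplified model of the check discussed in this thread, as an added example that is not part of the original posts and is not Redmine's code: permissions are looked up by the routed controller and action names, so a subclass served under a new controller name is refused until a permission covering it is registered and granted to a role. `PermissionRegistry`, `Role`, `subtasking_demo` and the sample `:view_issues` mapping are assumptions made for the illustration.

```ruby
# Simplified model of an authorization check keyed on "controller/action".
# Constructed for illustration; class and method names are hypothetical.
class PermissionRegistry
  def initialize
    @permissions = {} # permission name => ["controller/action", ...]
  end

  # Same shape as `permission :name, :controller => :action` in init.rb.
  def permission(name, actions)
    list = (@permissions[name] ||= [])
    actions.each do |controller, acts|
      Array(acts).each { |act| list << "#{controller}/#{act}" }
    end
  end

  # Names of the permissions that cover this controller/action pair.
  def covering(controller, action)
    key = "#{controller}/#{action}"
    @permissions.select { |_name, keys| keys.include?(key) }.keys
  end
end

class Role
  def initialize(registry, granted)
    @registry = registry
    @granted = granted
  end

  # Deny by default: a pair that no granted permission covers is refused.
  def allowed_to?(controller, action)
    !(@registry.covering(controller, action) & @granted).empty?
  end
end

def subtasking_demo
  registry = PermissionRegistry.new
  registry.permission(:view_issues, 'issues' => [:index, :show]) # sample data
  reporter = Role.new(registry, [:view_issues])
  out = {}
  # Routed as 'subtasking_issues': nothing covers that name, so the 403 case.
  out[:subclass_unregistered] = reporter.allowed_to?('subtasking_issues', 'index')
  # params[:controller] = 'issues' workaround: the parent's permission decides.
  out[:params_overridden] = reporter.allowed_to?('issues', 'index')
  registry.permission(:view_issues_subtasking, 'subtasking_issues' => :index)
  out[:registered_not_granted] = reporter.allowed_to?('subtasking_issues', 'index')
  manager = Role.new(registry, [:view_issues, :view_issues_subtasking])
  out[:registered_and_granted] = manager.allowed_to?('subtasking_issues', 'index')
  out[:other_subclass_action] = manager.allowed_to?('subtasking_issues', 'show')
  out
end
```

With a dedicated permission, only the `index` action of the subclass is opened and access to it can be granted per role, whereas the `params[:controller]` override authorizes every request to the subclass under the parent's permissions.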
