Public plugin permission setup problem

Added by James Harris 4 months ago

Greetings,

I'm hoping that someone can help me with Redmine plugin permission configuration.

I have setup the following in my plugin init.rb:

permission :view_my_items, { my_items: [:index, :show] }, public: true

And the corresponding controller as follows:

class MyItemsController < ApplicationController
  before_action :authorize

  def index
    render action: :index
  end

...

However the response when accessing route is:

403 You are not authorized to access this page.

App 118 output: I, [2021-06-09T22:26:22.129616 #118]  INFO -- : Filter chain halted as :authorize rendered or redirected

This is despite being logged into Redmine.


If I place the following in the controller:

before_action :authorize, except: [:index]

then the request is successful, however this seems like doubling up on permission setup.


I had expected that having the permission set with public: true would allow access regardless of group membership etc.

What am I missing here?

Thanks,

James

Replies (1)

RE: Public plugin permission setup problem - Added by James Harris 4 months ago

James Harris wrote:

Greetings,

I'm hoping that someone can help me with Redmine plugin permission configuration.

I have setup the following in my plugin init.rb:

[...]

And the corresponding controller as follows:

[...]

However the response when accessing route is:

[...]

This is despite being logged into Redmine.


If I place the following in the controller:

[...]

then the request is successful, however this seems like doubling up on permission setup.


I had expected that having the permission set with public: true would allow access regardless of group membership etc.

What am I missing here?

Thanks,

James

To assist others in future... I have found that replacing :authorize with :authorize_global worked as expected for :index and :show.

(1-1/1)