Project

General

Profile

Actions

Defect #6776

closed

Weird link_to_if_authorized behavior

Added by Felix Schäfer over 13 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Projects
Target version:
-
Start date:
2010-10-30
Due date:
% Done:

0%

Estimated time:
Resolution:
Wont fix
Affected version:

Description

See http://www.redmine.org/issues/4416#note-11 , better description once I've had time to have a better look at it ;-)

Update (EM) 03/16/2011 :
link_to_if_authorized always takes @project as the current context when it calls User#allowed_to?.

As a symptom (defect), e.g., the parent's shared version wiki page link is rendered as a link in the subproject settings even if the parent project is not accessible by the current user.


Files


Related issues

Related to Redmine - Feature #4416: Link from version details page to edit the wiki.ClosedJean-Baptiste Barth2009-12-16

Actions
Actions #1

Updated by Holger Just over 13 years ago

Might be an issue here that link_to_if_authorized checks permission for the project that is @project which might be wrong here if the version is shared and actually lives in another project.

If this is the case (and else too), link_to_if_authorized and subsequently authorize_for should get an optional project parameter. link_to_if_authorize could conveniently try to get the project_id from the options hash.

Actions #2

Updated by Etienne Massip about 13 years ago

  • Category set to Projects
  • Target version set to Candidate for next minor release
Actions #3

Updated by Etienne Massip about 13 years ago

  • File link_to_if_authorized_overridable_context.patch added

Here's a patch.

It also removes parameters_for_method_reference argument in #link_to and #url_for, which is no more supported since of Rails 2.x.

A good location to test is the link to the wiki page of a forbidden project shared version in the project settings versions list, as mentioned in #6435.

Actions #4

Updated by Etienne Massip about 13 years ago

  • File link_to_if_authorized_overridable_context.patch added

Nicer syntax + more complete description.

Actions #5

Updated by Etienne Massip about 13 years ago

  • File deleted (link_to_if_authorized_overridable_context.patch)
Actions #6

Updated by Etienne Massip about 13 years ago

  • File deleted (link_to_if_authorized_overridable_context.patch)
Actions #7

Updated by Etienne Massip about 13 years ago

  • File link_to_if_authorized_overridable_context.patch added

With test.

Actions #8

Updated by Jean-Philippe Lang about 13 years ago

The patch applies cleanly on r5230 but triggers a bunch of errors in functional tests. The new argument for #authorize_for must be made optional.

Actions #10

Updated by Etienne Massip about 13 years ago

  • File deleted (link_to_if_authorized_overridable_context.patch)
Actions #11

Updated by Jean-Philippe Lang about 12 years ago

  • Status changed from New to Closed
  • Target version deleted (Candidate for next minor release)
  • Resolution set to Wont fix

User.allowed_to? should be used instead. #link_to_if_authorized does not work with string paths.

Actions

Also available in: Atom PDF