Project

General

Profile

Redmine Plugin Permissions error

Added by John D. over 1 year ago

Hello everyone!,

Im working on a plugin for work. HR needed some custom functionality and Two requests were made.

1.) When creating an Issue, create 3 sub-Issues for that newly generated issue and copy some data
2.) Add a button to the Issue view to progress through HR's internal workflow

I started with the 1st point (obviously) and managed to extend the Issues controller through a module and use a rails callback to trigger the generation of the sub-issues.

This all worked perfectly fine, no issues.

I moved onto the section task and thought adding a button to trigger a backend function shouldnt be hard, boy was i wrong.

I created the function in the same module that i used to extend the Issues controller because my overall goal is to add as little code to the redmine core as possible for this plugin.

I figured out that you can do a sort of view "overloading" where if you have a view in your plugin with the same name as the view in the controller, as long as your plugin is active, it will take the plugin view and not the native view. This was no issue.

Triggering the function call has been a nightmare. I continually get

Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 706ms (Views: 54.5ms | ActiveRecord: 48.9ms)

I tried the approach found in the rails guides where you can trigger a background function and just return a blank js response but, this didnt help either.

section 4
[[https://guides.rubyonrails.org/v5.0/working_with_javascript_in_rails.html]]

Can someone please help me understand how these permissions work or how to solve this problem? maybe im approaching the issue in the wrong way. I have tried googling countless times but, i always seem to find a solution where they add some functionality to a controller for the plugin and i dont have one and dont want to mess around in the native redmine code

init.rb

*require 'kuma_issue_extension/issue_patch'

Redmine::Plugin.register :kuma_aufgaben_extension do
   ...

  project_module :issue_patch do 
    permission :startworkflow, issue: :startworkflow, :public => true
  end
 end*

lib/issue_extension/issue_patch.rb

require_dependency 'issue'

  module IssuePatch

    def self.included(base) # :nodoc:
      base.send(:include, InstanceMethods)

      base.class_eval do       
        after_save :create_default_subtasks
      end 

      def find_issue
        # used for permissions for the workflow button
        @issue = Issue.find(params[:issue_id])
      end
    end

    module InstanceMethods  

      def startworkflow()
        @issue = Issue.find(self.id)

        puts @issue.status.name
      end

      private 
        def create_default_subtasks()

        end

        def close_children_tickets()

        def get_parent_custom_field_id()

        def get_parent_custom_fields_values(tmpPalId, tmpProdId, tmpDatenId)

    end
  end

  # Add module to Issue
  Issue.send(:include, IssuePatch)

plugins/issue_extension/app/views/issues/_actionmenu.html.erb

<div class="contextual">
<%= link_to 'Start Work', controller: "issues", action: "startworkflow", id: @issue %>
<%= link_to l(:button_edit), edit_issue_path(@issue),
            :onclick => 'showAndScrollTo("update", "issue_notes"); return false;',
            :class => 'icon icon-edit', :accesskey => accesskey(:edit) if @issue.editable? %>
<%= link_to l(:button_log_time), new_issue_time_entry_path(@issue),
            :class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project) %>
<%= watcher_link(@issue, User.current) %>
<%= link_to l(:button_copy), project_copy_issue_path(@project, @issue),
            :class => 'icon icon-copy' if User.current.allowed_to?(:copy_issues, @project) && Issue.allowed_target_projects.any? %>
<%= actions_dropdown do %>
  <%= copy_object_url_link(issue_url(@issue, only_path: false)) %>
  <%= link_to l(:button_delete), issue_path(@issue),
              :data => {:confirm => issues_destroy_confirmation_message(@issue)},
              :method => :delete, :class => 'icon icon-del' if @issue.deletable? %>
<% end %>
</div>