Redmine Plugin Permissions error
Added by John D. over 1 year ago
Hello everyone!,
Im working on a plugin for work. HR needed some custom functionality and Two requests were made.
1.) When creating an Issue, create 3 sub-Issues for that newly generated issue and copy some data
2.) Add a button to the Issue view to progress through HR's internal workflow
I started with the 1st point (obviously) and managed to extend the Issues controller through a module and use a rails callback to trigger the generation of the sub-issues.
This all worked perfectly fine, no issues.
I moved onto the section task and thought adding a button to trigger a backend function shouldnt be hard, boy was i wrong.
I created the function in the same module that i used to extend the Issues controller because my overall goal is to add as little code to the redmine core as possible for this plugin.
I figured out that you can do a sort of view "overloading" where if you have a view in your plugin with the same name as the view in the controller, as long as your plugin is active, it will take the plugin view and not the native view. This was no issue.
Triggering the function call has been a nightmare. I continually get
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 706ms (Views: 54.5ms | ActiveRecord: 48.9ms)
I tried the approach found in the rails guides where you can trigger a background function and just return a blank js response but, this didnt help either.
section 4
[[https://guides.rubyonrails.org/v5.0/working_with_javascript_in_rails.html]]
Can someone please help me understand how these permissions work or how to solve this problem? maybe im approaching the issue in the wrong way. I have tried googling countless times but, i always seem to find a solution where they add some functionality to a controller for the plugin and i dont have one and dont want to mess around in the native redmine code
init.rb¶
*require 'kuma_issue_extension/issue_patch'
Redmine::Plugin.register :kuma_aufgaben_extension do
...
project_module :issue_patch do
permission :startworkflow, issue: :startworkflow, :public => true
end
end*
lib/issue_extension/issue_patch.rb¶
require_dependency 'issue'
module IssuePatch
def self.included(base) # :nodoc:
base.send(:include, InstanceMethods)
base.class_eval do
after_save :create_default_subtasks
end
def find_issue
# used for permissions for the workflow button
@issue = Issue.find(params[:issue_id])
end
end
module InstanceMethods
def startworkflow()
@issue = Issue.find(self.id)
puts @issue.status.name
end
private
def create_default_subtasks()
end
def close_children_tickets()
def get_parent_custom_field_id()
def get_parent_custom_fields_values(tmpPalId, tmpProdId, tmpDatenId)
end
end
# Add module to Issue
Issue.send(:include, IssuePatch)
plugins/issue_extension/app/views/issues/_actionmenu.html.erb¶
<div class="contextual">
<%= link_to 'Start Work', controller: "issues", action: "startworkflow", id: @issue %>
<%= link_to l(:button_edit), edit_issue_path(@issue),
:onclick => 'showAndScrollTo("update", "issue_notes"); return false;',
:class => 'icon icon-edit', :accesskey => accesskey(:edit) if @issue.editable? %>
<%= link_to l(:button_log_time), new_issue_time_entry_path(@issue),
:class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project) %>
<%= watcher_link(@issue, User.current) %>
<%= link_to l(:button_copy), project_copy_issue_path(@project, @issue),
:class => 'icon icon-copy' if User.current.allowed_to?(:copy_issues, @project) && Issue.allowed_target_projects.any? %>
<%= actions_dropdown do %>
<%= copy_object_url_link(issue_url(@issue, only_path: false)) %>
<%= link_to l(:button_delete), issue_path(@issue),
:data => {:confirm => issues_destroy_confirmation_message(@issue)},
:method => :delete, :class => 'icon icon-del' if @issue.deletable? %>
<% end %>
</div>