Plugin, ajax, query patch and authorized_for

Added by Ole Jungclaussen about 7 years ago

Hi All!

Sorry if this should have been in the plugins section, but there is more about plugins, while here I found more questions on developing plugins.

I have written a new "Vote On Issues" plugin, because the existing one (http://www.redmine.org/plugins/redmine_vote) never got past Redmine 1.3.3. It works just fine, but I have one last problem I cannot solve.

In the partial hooked into view_issues_show_details_bottom, authorize_for works just fine, but in the query patch and in an ajax .js.erb response it does not.

What does work

init.rb

  project_module :vote_on_issues do
    permission :cast_votes, {:issues => :cast_vote }, :require => :loggedin
    permission :view_votes, {:issues => :view_votes}, :require => :loggedin
  end

/lib/hooks.rb

render_on :view_issues_show_details_bottom,
          :partial => 'view_issues/show_details_bottom'

plugins/vote_on_issues/app/views/view_issues/_show_details_bottom.erb

    <% if authorize_for('issues', 'view_votes') %>
      *This works just fine*
    <% end %>

Casting a vote invokes an ajax request, which is (successfully) handled here:

class VoteOnIssuesController < ApplicationController
  unloadable

  def cast_vote
    # Handle vote
    # get new vote count
    # ...

    # Auto loads /app/views/vote_on_issues/cast_vote.js.erb
  end
end

This does not work, why?

cast_vote.js.erb

<% if authorize_for('issues', 'view_votes') %>
  *This is never executed, authorize_for always evals to false*
<% end %>

And how do I use authorize_for within a query patch?

init.rb, patch query

issue_query = (IssueQuery rescue Query)
issue_query.add_available_column(QueryColumn.new(:sum_votes_up, :sortable => '(SELECT ...)'))
Issue.send(:include, VoteOnIssues::Patches::QueryPatch)

lib/vote_on_issues/patches/query_patch.rb

module VoteOnIssues
  module Patches
    module QueryPatch
      # ...

      def sum_votes_up
         # if not authorized to view votes, return "-" 
         # else get number of votes
      end

      # ...
    end
  end
end

Any hint, suggestion, or solution would be extremely welcome.

Cheers
Ole


Replies (1)

RE: Plugin, ajax, query patch and authorized_for - Added by Ole Jungclaussen about 7 years ago

In the meantime I found out that the following does work:

/app/views/vote_on_issues/cast_vote.js.erb:

<% if User.current.allowed_to?(:view_votes, nil, :global => true) %>
...
<% end %>

lib/vote_on_issues/patches/query_patch.rb:

if User.current.allowed_to?(:view_votes, nil, :global => true)
    VoteOnIssue.where('vote_val < 0 AND issue_id=?', issue.id).sum('vote_val')
else
    '-'
end

But still...
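
Added example, not part of the original posts and not Redmine or plugin code: a simplified Ruby model of how `User#allowed_to?` treats its context argument. It shows why `authorize_for`, which checks against the view's `@project`, returns false when `@project` is unset, and why the `:global => true` form in the reply passes for any user who holds `view_votes` in some project, including on issues from projects where they do not; passing the issue's project scopes the check. The class, constant and helper names (`ModelUser`, `ALPHA`, `BETA`, `votes_cell`) and the sample data are constructed for illustration.

```ruby
# Simplified stand-in for Redmine's permission lookup (constructed model, not
# Redmine source). It mirrors three behaviours of User#allowed_to?:
#   context = Project            -> only roles held in that project count
#   context = nil, global: true  -> a role in any project counts
#   context = nil, no :global    -> always false
Role    = Struct.new(:name, :permissions)
Project = Struct.new(:identifier, :enabled_modules)

class ModelUser
  def initialize(memberships) # { Project => [Role, ...] }
    @memberships = memberships
  end

  def allowed_to?(permission, context, global: false)
    if context
      # Project-scoped: the plugin module must be enabled in this project and
      # a role held in *this* project must carry the permission.
      return false unless context.enabled_modules.include?(:vote_on_issues)
      @memberships.fetch(context, []).any? { |r| r.permissions.include?(permission) }
    elsif global
      # Global: a role in any project is enough.
      @memberships.values.flatten.any? { |r| r.permissions.include?(permission) }
    else
      false # nil project without :global, e.g. a view where @project is unset
    end
  end
end

# Constructed sample data: the user may view votes in "alpha" only.
ALPHA    = Project.new('alpha', [:vote_on_issues])
BETA     = Project.new('beta',  [:vote_on_issues])
VOTER    = Role.new('Voter',    [:view_votes, :cast_votes])
REPORTER = Role.new('Reporter', [])
USER     = ModelUser.new(ALPHA => [VOTER], BETA => [REPORTER])

# What a vote column shows for an issue in `project` under each kind of check.
def votes_cell(user, project, sum, scoped:)
  ok = if scoped
         user.allowed_to?(:view_votes, project)            # issue.project in a real patch
       else
         user.allowed_to?(:view_votes, nil, global: true)  # form used in the reply
       end
  ok ? sum.to_s : '-'
end
```

In a real query patch or `.js.erb` view, the scoped form corresponds to passing the issue's project as the second argument to `User.current.allowed_to?` instead of `nil` with `:global => true`.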
