https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292020-01-12T21:51:58ZRedmineRedmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=956712020-01-12T21:51:58ZMarius BĂLTEANU
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/6486">Feature #6486</a>: Log time for other users</i> added</li></ul> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=956732020-01-12T21:52:28ZMarius BĂLTEANU
<ul><li><strong>Related to</strong> deleted (<i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/6486">Feature #6486</a>: Log time for other users</i>)</li></ul> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=956752020-01-12T21:52:32ZMarius BĂLTEANU
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/3848">Feature #3848</a>: Permission to log time for another user</i> added</li></ul> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=956772020-01-12T22:08:36ZMarius BĂLTEANU
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li><li><strong>Assignee</strong> set to <i>Marius BĂLTEANU</i></li><li><strong>Target version</strong> set to <i>4.1.1</i></li></ul> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=956782020-01-12T22:51:11ZMarius BĂLTEANU
<ul><li><strong>File</strong> <a href="/attachments/24597">0001-Fix-creating-time-tracking-entry-through-rest-API-do.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/24597/0001-Fix-creating-time-tracking-entry-through-rest-API-do.patch">0001-Fix-creating-time-tracking-entry-through-rest-API-do.patch</a> added</li><li><strong>Assignee</strong> deleted (<del><i>Marius BĂLTEANU</i></del>)</li></ul><p><code>authorize_logging_time_for_other_users</code> returns false because <code>@project</code> is not set yet. Both methods <code>find_optional_issue</code> and <code>find_optional_project</code> from <code>TimelogController</code> expects <code>:issue_id</code> and <code>:project_id</code> only as root params, not nested params (inside <code>:time_entry</code>).</p>
<p>The fix strictly for this case was to override method <code>find_optional_project</code> in order to accept also <code>params[:time_entry][:project_id]</code>. All <a href="https://gitlab.com/redmine-org/redmine/pipelines/108752345" class="external">tests</a> pass.</p>
<p>Jean-Philippe, could your review the fix, please? Also, we should do the same change for <code>find_optional_issue</code> as well?<br />Valdir Stiebe Junior, thanks for detecting and reporting the issue. Could you try the fix from the patch?</p> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=956792020-01-12T22:52:55ZMarius BĂLTEANU
<ul><li><strong>Subject</strong> changed from <i>Creating time tracking entry through rest API doesn't behaviour like the user interface</i> to <i>Creating time tracking entry for other user through rest API doesn't work</i></li></ul> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=957042020-01-13T17:34:16ZValdir Stiebe Junior
<ul></ul><blockquote>
<p>Valdir Stiebe Junior, thanks for detecting and reporting the issue. Could you try the fix from the patch?</p>
</blockquote>
<p>It works for us. Thank you!</p> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=964442020-02-27T01:13:18ZGo MAEDA
<ul><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li></ul> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=971502020-04-05T14:29:17ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Subject</strong> changed from <i>Creating time tracking entry for other user through rest API doesn't work</i> to <i>Creating time tracking entry for other user through rest API fails with 403</i></li><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Resolved</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Committed, thanks.</p>
<p>Marius BALTEANU wrote:</p>
<blockquote>
<p>Also, we should do the same change for <code>find_optional_issue</code> as well?</p>
</blockquote>
<p>Good point, I've fixed <code>find_optional_issue</code> in <a class="changeset" title="Creating time tracking entry for other user through rest API fails with 403 (#32774)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/19670">r19670</a>.</p> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=971602020-04-05T17:33:25ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>New</i></li><li><strong>Resolution</strong> deleted (<del><i>Fixed</i></del>)</li></ul><p>I've reverted the change and will work on another fix.<br />We should not respond with 403 when submitting the form at /time_entries/new with an project or issue that is not OK.</p> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=971612020-04-05T18:15:24ZMarius BĂLTEANU
<ul></ul><p>Jean-Philippe Lang wrote:</p>
<blockquote>
<p>I've reverted the change and will work on another fix.<br />We should not respond with 403 when submitting the form at /time_entries/new with an project or issue that is not OK.</p>
</blockquote>
<p>Ok, please let me know if you need my help on this.</p> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=971722020-04-06T10:47:42ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Fix committed.</p> Redmine - Defect #32774: Creating time tracking entry for other user through rest API fails with 403https://www.redmine.org/issues/32774?journal_id=971732020-04-06T10:51:50ZMarius BĂLTEANU
<ul></ul><p>Jean-Philippe Lang wrote:</p>
<blockquote>
<p>Fix committed.</p>
</blockquote>
<p>Thanks Jean-Philippe for fixing this issue, it seems that I've added some bad lines of code. I'll add in the following weeks a patch to remove the method <code>set_author_if_nil</code> from <code>TimeEntry</code> model.</p>