Defect #36446

Watchers autocomplete fails with 403 error when the search is made from multiple objects with different projects

Added by Dmitry Makurin 4 months ago. Updated 4 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Marius BALTEANU% Done:

0%

Category:UI
Target version:4.2.4
Resolution:Fixed Affected version:

Description

Autocomplete is broken when bulk adding watchers for issues from different projects.

How to reproduce:

1. Open /issues.
2. Select two issues from different projects.
3. Press RMB.
4. Watchers => Add.
5. List of users will be shown.
6. Try to filter users.

This is happens because WatchersController can't find project for New and Autocomplete_for_user actions and authorize a user.

36446.patch Magnifier (3.25 KB) Dmitry Makurin , 2022-01-18 12:45

Associated revisions

Revision 21394
Added by Marius BALTEANU 4 months ago

Fix autocomplete for users fails with 403 error when there are multiple objects from different projects (#36446).

Patch by Dmitry Makurin.

Revision 21397
Added by Marius BALTEANU 4 months ago

Merged r21394 to 4.2-stable (#36446).

History

#1 Updated by Dmitry Makurin 4 months ago

#2 Updated by Go MAEDA 4 months ago

  • Tracker changed from Patch to Defect
  • Category set to UI
  • Status changed from New to Confirmed

Confirmed the issue. WatchersController#autocomplete_for_user returns 403 and the autocomplete does not work.

Started GET "/watchers/autocomplete_for_user?object_type=issue&q=dave" for 127.0.0.1 at 2022-01-19 11:42:57 +0900
Processing by WatchersController#autocomplete_for_user as */*
  Parameters: {"object_type"=>"issue", "q"=>"dave"}
  Current user: admin (id=1)
  Rendered common/error.html.erb (Duration: 1.2ms | Allocations: 228)
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 17ms (Views: 2.5ms | ActiveRecord: 10.8ms | Allocations: 1896)

#3 Updated by Go MAEDA 4 months ago

  • Target version set to Candidate for next minor release

#4 Updated by Marius BALTEANU 4 months ago

  • Assignee set to Marius BALTEANU

#5 Updated by Marius BALTEANU 4 months ago

  • Target version changed from Candidate for next minor release to 4.1.6

#6 Updated by Marius BALTEANU 4 months ago

  • Status changed from Confirmed to Resolved
  • Resolution set to Fixed

Fix committed, thanks!

#7 Updated by Marius BALTEANU 4 months ago

  • Target version changed from 4.1.6 to 4.2.4

Changing target version to 4.2.4 because the change has conflicts on 4.1-stable.

#8 Updated by Marius BALTEANU 4 months ago

  • Subject changed from Autocomplete for users fails with 403 error to Watchers autocomplete fails with 403 error when the search is made from multiple objects with different projects

#9 Updated by Marius BALTEANU 4 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF