Project

General

Profile

Actions

Defect #36446

closed

Watchers autocomplete fails with 403 error when the search is made from multiple objects with different projects

Added by Dmitry Makurin about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Category:
UI
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

Autocomplete is broken when bulk adding watchers for issues from different projects.

How to reproduce:

1. Open /issues.
2. Select two issues from different projects.
3. Press RMB.
4. Watchers => Add.
5. List of users will be shown.
6. Try to filter users.

This is happens because WatchersController can't find project for New and Autocomplete_for_user actions and authorize a user.


Files

36446.patch (3.25 KB) 36446.patch Dmitry Makurin , 2022-01-18 12:45
Actions #2

Updated by Go MAEDA about 2 years ago

  • Tracker changed from Patch to Defect
  • Category set to UI
  • Status changed from New to Confirmed

Confirmed the issue. WatchersController#autocomplete_for_user returns 403 and the autocomplete does not work.

Started GET "/watchers/autocomplete_for_user?object_type=issue&q=dave" for 127.0.0.1 at 2022-01-19 11:42:57 +0900
Processing by WatchersController#autocomplete_for_user as */*
  Parameters: {"object_type"=>"issue", "q"=>"dave"}
  Current user: admin (id=1)
  Rendered common/error.html.erb (Duration: 1.2ms | Allocations: 228)
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 17ms (Views: 2.5ms | ActiveRecord: 10.8ms | Allocations: 1896)
Actions #3

Updated by Go MAEDA about 2 years ago

  • Target version set to Candidate for next minor release
Actions #4

Updated by Marius BĂLTEANU about 2 years ago

  • Assignee set to Marius BĂLTEANU
Actions #5

Updated by Marius BĂLTEANU about 2 years ago

  • Target version changed from Candidate for next minor release to 4.1.6
Actions #6

Updated by Marius BĂLTEANU about 2 years ago

  • Status changed from Confirmed to Resolved
  • Resolution set to Fixed

Fix committed, thanks!

Actions #7

Updated by Marius BĂLTEANU about 2 years ago

  • Target version changed from 4.1.6 to 4.2.4

Changing target version to 4.2.4 because the change has conflicts on 4.1-stable.

Actions #8

Updated by Marius BĂLTEANU about 2 years ago

  • Subject changed from Autocomplete for users fails with 403 error to Watchers autocomplete fails with 403 error when the search is made from multiple objects with different projects
Actions #9

Updated by Marius BĂLTEANU about 2 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF