Defect #6776
closed
Weird link_to_if_authorized behavior
0%
Description
See http://www.redmine.org/issues/4416#note-11 , better description once I've had time to have a better look at it ;-)
Update (EM) 03/16/2011 :link_to_if_authorized always takes @project as the current context when it calls User#allowed_to?.
As a symptom (defect), e.g., the parent's shared version wiki page link is rendered as a link in the subproject settings even if the parent project is not accessible by the current user.
Files
Related issues
Updated by Holger Just about 14 years ago
Might be an issue here that link_to_if_authorized checks permission for the project that is @project which might be wrong here if the version is shared and actually lives in another project.
If this is the case (and else too), link_to_if_authorized and subsequently authorize_for should get an optional project parameter. link_to_if_authorize could conveniently try to get the project_id from the options hash.
Updated by Etienne Massip over 13 years ago
- Category set to Projects
- Target version set to Candidate for next minor release
Updated by Etienne Massip over 13 years ago
- File link_to_if_authorized_overridable_context.patch added
Here's a patch.
It also removes parameters_for_method_reference argument in #link_to and #url_for, which is no more supported since of Rails 2.x.
A good location to test is the link to the wiki page of a forbidden project shared version in the project settings versions list, as mentioned in #6435.
Updated by Etienne Massip over 13 years ago
- File link_to_if_authorized_overridable_context.patch added
Nicer syntax + more complete description.
Updated by Etienne Massip over 13 years ago
- File deleted (
link_to_if_authorized_overridable_context.patch)
Updated by Etienne Massip over 13 years ago
- File deleted (
link_to_if_authorized_overridable_context.patch)
Updated by Etienne Massip over 13 years ago
- File link_to_if_authorized_overridable_context.patch added
With test.
Updated by Jean-Philippe Lang over 13 years ago
The patch applies cleanly on r5230 but triggers a bunch of errors in functional tests. The new argument for #authorize_for must be made optional.
Updated by Etienne Massip over 13 years ago
- File link_to_if_authorized_overridable_context.patch link_to_if_authorized_overridable_context.patch added
My bad.
This time, test pass.
Updated by Etienne Massip over 13 years ago
- File deleted (
link_to_if_authorized_overridable_context.patch)
Updated by Jean-Philippe Lang almost 13 years ago
- Status changed from New to Closed
- Target version deleted (
Candidate for next minor release) - Resolution set to Wont fix
User.allowed_to? should be used instead. #link_to_if_authorized does not work with string paths.