Defect #6776
closed
Weird link_to_if_authorized behavior
Added by Felix Schäfer about 14 years ago.
Updated almost 13 years ago.
Description
See http://www.redmine.org/issues/4416#note-11, better description once I've had time to have a better look at it ;-)
Update (EM) 03/16/2011: link_to_if_authorized always takes @project as the current context when it calls User#allowed_to?.
As a symptom (defect), e.g., the parent's shared version wiki page link is rendered as a link in the subproject settings even if the parent project is not accessible by the current user.
Files
Might be an issue here that link_to_if_authorized checks permission for the project that is @project which might be wrong here if the version is shared and actually lives in another project.
If this is the case (and else too), link_to_if_authorized and subsequently authorize_for should get an optional project parameter. link_to_if_authorized could conveniently try to get the project_id from the options hash.
- Category set to Projects
- Target version set to Candidate for next minor release
- File link_to_if_authorized_overridable_context.patch added
Here's a patch.
It also removes the parameters_for_method_reference argument in #link_to and #url_for, which is no longer supported as of Rails 2.x.
A good location to test is the link to the wiki page of a forbidden project shared version in the project settings versions list, as mentioned in #6435.
- File link_to_if_authorized_overridable_context.patch added
Nicer syntax + more complete description.
- File deleted (link_to_if_authorized_overridable_context.patch)
- File deleted (link_to_if_authorized_overridable_context.patch)
- File link_to_if_authorized_overridable_context.patch added
The patch applies cleanly on r5230 but triggers a bunch of errors in functional tests. The new argument for #authorize_for must be made optional.
My bad.
This time, tests pass.
- File deleted (link_to_if_authorized_overridable_context.patch)
- Status changed from New to Closed
- Target version deleted (Candidate for next minor release)
- Resolution set to Wont fix
User.allowed_to? should be used instead. #link_to_if_authorized does not work with string paths.
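The context mismatch discussed in this issue, as an added Ruby sketch that is not Redmine's code and not the attached patch: a link for a shared version is authorized against the project being rendered instead of the project that owns the version. Project, Version, User, View and both link_if_authorized* helpers are simplified, hypothetical stand-ins; only the idea of passing the project to allowed_to? comes from the thread.

```ruby
# Simplified stand-in model (assumption), not Redmine's classes.
Project = Struct.new(:name)
Version = Struct.new(:name, :project) # a shared version keeps its owning project

class User
  def initialize(permissions) # { project => [actions] }
    @permissions = permissions
  end

  # Context-aware check: is this action allowed in this particular project?
  def allowed_to?(action, project)
    @permissions.fetch(project, []).include?(action)
  end
end

class View
  def initialize(user, current_project)
    @user = user
    @project = current_project # project whose page is being rendered
  end

  # Behaviour described in the issue: the context is always @project.
  def link_if_authorized_fixed_context(label, action)
    @user.allowed_to?(action, @project) ? "<a>#{label}</a>" : nil
  end

  # Behaviour proposed in the thread: an optional project overrides the context.
  def link_if_authorized(label, action, project = @project)
    @user.allowed_to?(action, project) ? "<a>#{label}</a>" : nil
  end
end

def demo
  parent = Project.new("parent")
  child  = Project.new("child")
  shared = Version.new("1.0", parent) # lives in parent, shared with child
  user   = User.new({ child => [:view_wiki_pages] }) # no rights on parent
  view   = View.new(user, child) # rendering the child's settings page
  {
    fixed_context:    view.link_if_authorized_fixed_context(shared.name, :view_wiki_pages),
    resource_context: view.link_if_authorized(shared.name, :view_wiki_pages, shared.project),
    default_context:  view.link_if_authorized("child wiki", :view_wiki_pages)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

With the fixed context the link to the parent's wiki page is rendered for a user who has no rights on the parent; checking against the version's own project suppresses it.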