ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Global permissions in acts_as_attachable (Feature #614)


Added by Andriy Lesyuk at 2011-09-11 08:31 am. Updated at 2011-09-12 05:59 pm.


Status:Open Start date:2011-09-11
Priority:Normal Due date:
Assignee:- % Done:

0%

Category:Permissions
Target version:-
Remote issue URL:http://www.redmine.org/issues/8109 Affected version:

Description

Acts_as_attachable does not support global permissions - only project permission. That is:

1acts_as_attachable :view_permission => :view_attachments

Does not work if an attachment (image) is to be shown outside a project.

See: http://www.redmine.org/issues/8109

P.S. A patch can be found on issue page


Associated revisions

Revision f5b5688e
Added by Jean-Philippe Lang at 2008-03-16 03:31 pm

Move the filters buttons inside the filters fieldset on the issue list (closes #614).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1262 e93f8b46-1217-0410-a6f0-8f06a7374b81

History

Updated by Holger Just at 2011-09-11 08:48 am

User::allowed_to with global => true is EVIL and should have never appeared on earth's surface. It implies a behavior that is very hard to control and is surprising for about everybody who hasn't digged through the code. Thus, I'm really rather unwilling to include this patch.

However, having attachments on non-project bound objects is probably worthwhile having and should be considered as part of the general permission overhaul planned for later.

  • (deleted custom field) set to http://www.redmine.org/issues/8109
  • Tracker changed from Bug to Feature

Updated by Andriy Lesyuk at 2011-09-11 12:28 pm

I included the patch generally to demonstrate the issue. Any solution will be fine! Another option I guess is not to check permissions for non-project pages which does not seem good for now.

Updated by Holger Just at 2011-09-11 01:36 pm

Well, visibility of attachments is based on the project of the object that the attachment is attached to. And if I'm not misguided every object type that can have attachments in the ChiliProject core is attached to one project. If you want one attachment to be visible, users thus need the respective permission in the project the attachment lives in.

The situation you describe can thus only occur in plugins which introduce global objects, i.e. ones that are not attached to a project in some way.

These global objects would probably require the concept of "global roles" and "global permissions" in itself. Unfortunately, we don't currently support these concepts (apart from this really bad :global => true which has to die). But we are currently investigating ways to introduce these as part of a greater redesign/rewrite of the whole permission concept. However this will most probably not come before 4.0 or later.

Updated by Andriy Lesyuk at 2011-09-12 05:59 pm

Yes, this is needed for plugin.

Also available in: Atom PDF