Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issues Error 403 #2

Open
paul79 opened this issue Nov 4, 2011 · 24 comments
Open

Issues Error 403 #2

paul79 opened this issue Nov 4, 2011 · 24 comments

Comments

@paul79
Copy link

paul79 commented Nov 4, 2011

After a clean install of redmine_vote I can't view all issues. I always get an 403 error.

What I did:
On VmWare Workstation Windows XP image I have installed the Bitname Redmine-Stack.

I created ond Projekt with one issue. Everything worked fine.

Then I wanted to test redmine_vote.

I opened the Redmine-Stack commandline and changed to the plugin-Directory. Then I used the

git clone https://github.com/cforce/redmine_vote.git

command to install the plugin.

After this I executed the

rake db:migrate_plugins RAILS_ENV=production

command to update the database. Everything worked fine.
Then i restarted redmine. Now the "View all issues" page can't be opened. There is always a 403 error.

Is there a way to fix this? I like this plugin verymuch and I would be very happy if I can use this.

@cforce
Copy link
Owner

cforce commented Nov 5, 2011

Are you using voting in public project as anyomous user?

@paul79
Copy link
Author

paul79 commented Nov 6, 2011

It is a public Project, but authenticated users (one admin, one normal user).

For tests I changed to a non public project. There is the same error.

From the activities page I can open one issue and the voting works fine. Only the tickets overview doesn't work.

@cforce
Copy link
Owner

cforce commented Nov 7, 2011

Hmm .. can reproduce. But i have many plugin installed.

Please post me log section with error, if there is a error.

@paul79
Copy link
Author

paul79 commented Nov 7, 2011

There ist an error:

Processing IssuesController#index (for 192.168.178.24 at 2011-11-07 20:13:56) [GET]
Parameters: {"project_id"=>"test1", "action"=>"index", "controller"=>"issues"}
Rendering template within layouts/base
Rendering common/error (403)
Filter chain halted as [:authorize] rendered_or_redirected.
Completed in 16ms (View: 16, DB: 0) | 403 Forbidden [http://paul-xppc/redmine/projects/test1/issues]

@cforce
Copy link
Owner

cforce commented Nov 8, 2011

@paul79
Copy link
Author

paul79 commented Nov 9, 2011

Thanks, I'll try when I'm back home. But I think I can't give you feedback until tomorrow evening.

@paul79
Copy link
Author

paul79 commented Nov 9, 2011

I did a quick test. The error still existst:

Processing IssuesController#index (for 192.168.178.24 at 2011-11-09 19:26:37) [GET]
Parameters: {"project_id"=>"test1", "action"=>"index", "controller"=>"issues"}
Rendering template within layouts/base
Rendering common/error (403)
Filter chain halted as [:authorize] rendered_or_redirected.
Completed in 47ms (View: 16, DB: 16) | 403 Forbidden [http://paul-xppc/redmine/projects/test1/issues]

@paul79
Copy link
Author

paul79 commented Nov 9, 2011

I did another quicktest. ;-)
I took the old Version from 2009 from https://github.com/jimmyz/redmine_vote.git this on worked fine. But it is 2 years old.

@cforce
Copy link
Owner

cforce commented Nov 9, 2011

And ist missing some features. You can't turn it off per project , not one right to set for onf/off function and not localized

@cforce
Copy link
Owner

cforce commented Nov 9, 2011

I think its still an anymous user problem. Have no time to fix that imho, we only user private projects.. there it works..

@paul79
Copy link
Author

paul79 commented Nov 10, 2011

I know, this is a very old version. So your actual version would be better. All my tests I did with the admin user and private projects.

@cforce
Copy link
Owner

cforce commented Nov 10, 2011

We use redmine 1.2.1 and a lot of plugins..maybe that is the cause ist working for us seamless. I have no empty installation to test ur env - sry

@paul79
Copy link
Author

paul79 commented Nov 15, 2011

Can I help you to find this error. For example give you access to my image?

@paul79
Copy link
Author

paul79 commented Nov 19, 2011

I did some testing, reading, learning....

In my environment it works now. In the \redmine_vote\app\controllers\issues_controller.rb I comment out two lines:

require 'redmine'
require_dependency 'issues_controller'

class IssuesController < ApplicationController
skip_before_filter :authorize, :only => [:vote]
#before_filter :authorize, :except => [ :vote ]

#unloadable

def vote
find_issue
authorize
@issue.vote(params[:vote] == "up" ? :up : :down)
@issue.save
redirect_to :controller => 'issues', :action => 'show', :id => @issue
end
end

Now it works fine for me. But I don't know what these two lines should do. Is there any disadvantage by comment these lines out?

@cforce
Copy link
Owner

cforce commented Nov 19, 2011

Hmm what righzs was set for the user's role you teste with?
Please don't use admin user to test.
I think it shall be
skip_before_filter :authorize, :only => [:view_votes]
before_filter :authorize, :except => [ :view_votes]

either.

@paul79
Copy link
Author

paul79 commented Nov 20, 2011

I tested with a "normal" user. The rights for voting I changed often to test all combinations.

Your change to:
skip_before_filter :authorize, :only => [:view_votes]
before_filter :authorize, :except => [ :view_votes]

doesn't work. I can't vote. If I click to the up or down arrow, I get a 404 error.

At the moment I have commented out one line:

skip_before_filter :authorize, :only => [:vote]
#before_filter :authorize, :except => [ :view_votes ]

unloadable

And this works fine.

@cforce
Copy link
Owner

cforce commented Nov 20, 2011

Well if it works.. ;)

Just to be sure you shall check all combinations in user rights
Role for Test user has right

  • view_votes = he shall be able to see additional column "votes" in issue list, and vote count in issue
  • vote_issue = he shall be able to raise vote count in issue via click
  • view_voter = he shall be able to see voter list in issue

Roles for testuser without rights , shouldn't be able to see/do things stated above.

You shall also test this for special roles (you have to apply a patch, see #1 (comment) first)

  • Non member
  • Anonymous

Give feedback if it works and i will change the code, or make an gitt pull request.

@paul79
Copy link
Author

paul79 commented Nov 21, 2011

Now I understand. The additional column "Votes" is now always visible. I have some ideas to test. But no time to test the next days. I will give you feedback when I have new informations.

@paul79
Copy link
Author

paul79 commented Dec 11, 2011

I'm still working on it. I think I know where there problem is. But I don't know how to fix it. I will give you feedback if there is something new.

@benoitg
Copy link

benoitg commented Apr 23, 2012

Well, I definitely have the same problem. Can't see the list of all issues.

@benoitg
Copy link

benoitg commented Apr 23, 2012

I tried with the patch indicated, and the issue persists. Redmine 1.3.3

@vabue
Copy link

vabue commented May 5, 2012

Redmine 1.4.1

Same error, after commenting

#before_filter :authorize, :except => [ :view_votes ]

I've got a white screen entering in every issue.

@aidinabedi
Copy link

Hi!

Any progress on this? Would be awesome to have it working in redmine 2.0.

Currently I get a error "no such file to load -- vote" when calling "db:migrate_plugins RAILS_ENV=production".

@themel
Copy link

themel commented Nov 23, 2012

I have another 1.4.1 where the authorization does not work. Users are not anonymous. I noted that the default before_filter in issues_controller now exempts :index as well, so the plugin line should correctly be

before_filter :authorize, :except => [ :index, :vote ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants