ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Cannot edit note (Bug #888)


Added by Tom Rochette at 2012-02-15 05:18 am. Updated at 2012-04-05 10:45 pm.


Status:Closed Start date:2012-02-15
Priority:Normal Due date:
Assignee:- % Done:

0%

Category:Issue tracking
Target version:3.1.0
Remote issue URL: Affected version:3.0.0

Description

I'm trying to edit a note I left on an issue by clicking on the little pencil (link is https://www.chiliproject.org/journals/edit/14451) but it returns me a 403 like I don't have the permission to do so (which is possible).

If I'm not allowed to edit the note, I shouldn't see the pencil icon to the right of the note.


Related issues

related to Bug #966: "edit own notes" fails since 3.1.0 Closed 2012-04-05

Associated revisions

Revision 2c762405
Added by Felix Schäfer at 2012-03-05 06:13 pm

Fix edit issue notes permission #888

History

Updated by Felix Schäfer at 2012-03-01 01:15 am

Everyone should be able to edit his own notes, so you shouldn't be getting a 403. Can you confirm this is still an issue and if so point me to the issue the journal is part of (the link you posted seems to be ajax only) and maybe note the time when you tried to call the link so I can see if the logs have a say in this? Thanks!

Updated by Tom Rochette at 2012-03-01 02:15 am

https://www.chiliproject.org/issues/869 contains a request to https://www.chiliproject.org/journals/edit/14350 when I click on https://www.chiliproject.org/issues/869# (the little pencil).

I've done the request a couple of times at 21:17.

Still no success (not working on any comments I've left on other issues as well).

Updated by Felix Schäfer at 2012-03-02 12:01 am

Heh, I hadn't thought about timezones and searched at the wrong place for a few seconds _

Anyway, I found the place your requests came in, there's nothing of interest in the logs other than that you hit 403s though. I could open the edit pane there OK though, so it's note an issue with the functionality but the authorization taking place before it.

Updated by Felix Schäfer at 2012-03-02 12:16 am

OK, the crux of the issue is the call to editable_by? user on the journal in the permission check in JournalsController#edit source:/app/controllers/journals_controller.rb#L67, because it's not aware of the :edit_own_issue_note permission, which is the only one applicable to you here.

Updated by Felix Schäfer at 2012-03-02 12:41 am

Proposed fix in on github.

  • Target version set to 3.1.0
  • Status changed from Open to Ready for review

Updated by Felix Schäfer at 2012-03-05 05:17 pm

Fix committed in 2c76240, thanks for reporting.

  • Status changed from Ready for review to Closed

Updated by Tom Rochette at 2012-04-05 10:45 pm

Confirmed to work properly on chiliproject.org since the update to 3.1.0. I can edit my notes.

Thanks!

Also available in: Atom PDF