注册
登录
redmine
Ruby on rails控制器副本不授权用户
返回
Ruby on rails控制器副本不授权用户
作者:
圈圈红
发布时间:
2024-12-24 02:59:39 (2月前)
转自:
<p> <br/> 免责声明:我对红宝石完全不熟悉..</p><p>我已经用名称timelog_estimates_controller.rb复制了这个控制器,将类名更改为TimelogEstimatesController创建了不同的路由但是……<br/> <br/></p>
收藏
举报
2 条回复
0#
回复此人
࿏自ོ༾由ོ༽人͙⃡⌇
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> Redmine使用声明性许可。创建新控制器时,它及其操作在权限定义中缺失,因此无法访问。 </p> <P> 要解决这个问题,您需要将新控制器的相关操作包含在权限定义中。 <a href="https://github.com/redmine/redmine/blob/2.6-stable/lib/redmine.rb#L128-L134" rel="nofollow"> 这是在的位置 <code> lib/redmine.rb </code> </A> 你可能需要修改。复制到此为清晰起见: </p> <pre> <code> map.project_module :time_tracking do |map| map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin map.permission :view_time_entries, {:timelog => [:index, :report, :show]}, :read => true map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member end </code> </pre> <P> 你应该在这个块中添加这样的东西: </p> <pre> <code> map.permission :view_time_estimates, {:timelog_estimates => [:index, :report, :show]}, :read => true map.permission :edit_time_estimates, {:timelog_estimates => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member map.permission :edit_own_time_estimates, {:timelog_estimates => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin </code> </pre> <P> 授权通过您的控制器中的此调用进行: </p> <pre> <code> before_filter :authorize_global, :only => [:new, :create, :index, :report] </code> </pre> <P> 如果你跟着 <code> authorize_global </code> 实施,你会的 <a href="https://github.com/redmine/redmine/blob/2.6-stable/app/controllers/application_controller.rb#L269-L281" rel="nofollow"> 找到这个 </A> : </p> <pre> <code> # Authorize the user for the requested action def authorize(ctrl = params[:controller], action = params[:action], global = false) allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global) if allowed true else if @project && @project.archived? render_403 :message => :notice_not_authorized_archived_project else deny_access end end end </code> </pre> <P> 该 <code> render_403 </code> line是你得到错误的原因。 </p> </DIV>
编辑
登录
后才能参与评论
