atlascoder / tracker_hider

A plugin for redmine
https://www.redmine.org/plugins/tracker_hider

Hidden trackers visible with URL #7

Closed Peter-Petrik closed 8 years ago

Peter-Petrik commented 8 years ago

Switched to "fix_trackers" branch, which is very helpful to hide all traces of trackers, such as on the "New issue" screen. Great job.

However, when the user goes directly to an issue URL for a hidden tracker on the project, such as http://example.com/issues/1234 - they are able to fully see and interact with the issue. This is a problem, as frequently we reference other issues in comments, which would now become exposed.

atlascoder commented 8 years ago

Hello, thanks for the feedback!

It's strange, because I've checked such behavior. I will check it out and try to fix it in the coming days.

atlascoder commented 8 years ago

Hi, Skvare! I've updated the code, sorry for the delay with it.

Peter-Petrik commented 8 years ago

Still seeing the same issue even after pulling down the updated code. Restarted Redmine, etc. Anything else I should be doing for this to take effect?

atlascoder commented 8 years ago

Hi! Did you use git pull or git fetch? I've checked it out twice, on a dev and a pro environment, and for me everything works as fixed.

Can you look into plugins/tracker_hider/lib/tracker_hider_issue_patch.rb and check if it has a line base.send(:include, InstanceMethods)? If it hasn't, then you have to do git pull within the plugin folder.

Peter-Petrik commented 8 years ago

Used git pull, verified the code is in place.

atlascoder commented 8 years ago

I am sure that you are aware, but just to check all circumstances of the issue: the plugin doesn't affect subprojects or user groups (I guess), and the module should be enabled. If all is the same, then please give me more info: the Redmine instance information from admin panel -> Information. My instance looks like this:

Environment:
  Redmine version    3.0.4.stable
  Ruby version       2.2.1-p85 (2015-02-26) [x86_64-linux]
  Rails version      4.2.3
  Environment        production
  Database adapter   Mysql2
SCM:
  Subversion         1.8.8
  Git                1.9.1
  Filesystem
Redmine plugins:
  redmine_checklists             3.1.3
  redmine_image_clipboard_paste  1.0.0
  redmine_sn_auth                0.0.1
  tracker_hider                  0.0.1

And probably you can cut out the logs regarding the action of showing an issue that should be forbidden.

Peter-Petrik commented 8 years ago

We're on:

Environment:
  Redmine version    3.1.2.stable
  Ruby version       1.9.3-p0 (2011-10-30) [x86_64-linux]
  Rails version      4.2.4
  Environment        production
  Database adapter   Mysql2
SCM:
  Git                2.6.4
  Filesystem
Redmine plugins:
  redmine_mail_handler_clean_body_regexp  0.1
  redmine_startpage                       0.1.0
  redmine_workflow_hidden_fields          0.2.0
  tracker_hider                           0.0.1

atlascoder commented 8 years ago

I've just tested on

Environment:
  Redmine version    3.1.3.stable
  Ruby version       1.9.3-p551 (2014-11-13) [x86_64-linux]
  Rails version      4.2.5

And this is the response when I try to open a hidden issue by direct URL:

[Image: s1]

So, everything looks ok.

atlascoder commented 8 years ago

I can't install everything from your environment to check it out. But I wonder if it is the same after you add a rule for the 'Non Member' role. Could you check it, please? I suggest that you looked into the log file, but it is not a reliable way to find the problem, because the plugin uses a patch for the class and it may not surface errors in the log if something goes wrong. I also looked briefly into the code of your installed plugins, but it looks to be without conflicting code. It's strange. I will try to investigate the issue with these plugins if we don't find an answer.

Peter-Petrik commented 8 years ago

Added the rule for "Non Member role" and got the same results. No other errors at the moment.

Peter-Petrik commented 8 years ago

Uninstalled plugin, removed all traces. Reinstalled and retested. Same behavior. The only time I get a 403 is when trying to access an issue from a project to which the user does not belong - which is the expected default behavior of Redmine.

Happy to coordinate a time to look at this together via screen sharing.

Peter-Petrik commented 8 years ago

FYI - we're also getting reports where clients are receiving a 404 when trying to add a comment to an issue. We've been able to replicate this behavior. Reverting back to commit e972a8a allows for comments. This is all within the fix_trackers branch.

atlascoder commented 8 years ago

Hi. OK, let's try to make it tomorrow at this time. I am very surprised by the issues regarding the commenting functions. But let's look at this tomorrow; please drop me your Skype, or whatever you prefer, at atlascoder@gmail.com

Peter-Petrik commented 8 years ago

Your latest commit 3546156 fixed the issue. Many thanks!