Open Mikhail-Kukharenko opened 3 years ago
This is much needed to query single issue with non admin access. @frywer any idea on will this be implemented?
This is much needed to query single issue with non admin access. @frywer any idea on will this be implemented?
Please replace two files with attached . That will give you what you need.
Edit init.rb, and it work, hope it can help someone ^_^
From: permission :view_custom_tables, { custom_entities: [:show] }, global: true
to: permission :view_custom_tables, { custom_entities: [:show],custom_tables: [:show], }, global: true
@znkey Not working
@Mikhail-Kukharenko The path for tow files?! And it's work in redmine5
@KPS250 @Mikhail-Kukharenko @znkey @frywer @vsc55 @prmdhost I'm try the tow solution and not working
In redmine5
Hi. I am trying to read through API the rows of custom table for the specified issue id:
curl -v -X GET -H "Content-Type: application/json" -H "X-Redmine-API-Key: aaaaaaaaaaaaaaaaaa" -d '{"issue_id": "21508"}' "https://mydomain/custom_tables/5.json"
But it doesnt work from normal user, even thou this user has an access to this issue. I understand now, that plugin probably makes SQL-request to the whole table and doesnt check the rights of the user for the specified issue. Therefore this request works only from admin.But the problem is that we cannot run scripts with admin rights on our system....
Can you please may be make one more API-method which would check for the user's right and allow read table rows for the issue, if user has the rights to edit (see) the issue specified in the request? Thank you !
_It looks like Redmine provides the methood to see the needed information: https://www.rubydoc.info/github/edavis10/redmine/Issue#attributes_editable%3F-instance_method_
_Originally posted by @Mikhail-Kukharenko in https://github.com/frywer/custom_tables/issues/18#issuecomment-798897713_