Vote #81786
完了Watchers autocomplete fails with 403 error when the search is made from multiple objects with different projects
0%
説明
Autocomplete is broken when bulk adding watchers for issues from different projects.
How to reproduce:
- Open /issues.
- Select two issues from different projects.
- Press RMB.
- Watchers => Add.
- List of users will be shown.
- Try to filter users.
This is happens because @WatchersController@ can't find project for @New@ and @Autocomplete_for_user@ actions and authorize a user.
journals
--------------------------------------------------------------------------------
Confirmed the issue. WatchersController#autocomplete_for_user returns 403 and the autocomplete does not work.
<pre>
Started GET "/watchers/autocomplete_for_user?object_type=issue&q=dave" for 127.0.0.1 at 2022-01-19 11:42:57 +0900
Processing by WatchersController#autocomplete_for_user as */*
Parameters: {"object_type"=>"issue", "q"=>"dave"}
Current user: admin (id=1)
Rendered common/error.html.erb (Duration: 1.2ms | Allocations: 228)
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 17ms (Views: 2.5ms | ActiveRecord: 10.8ms | Allocations: 1896)
</pre>
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fix committed, thanks!
--------------------------------------------------------------------------------
Changing target version to 4.2.4 because the change has conflicts on 4.1-stable.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------