
Prevent '%{org_title} Plans' Section From Displaying Plans Created by Users From Other Organisations

Open aaronskiba opened this issue 1 year ago • 1 comments

Fixes #3345 Fixes #3414

Changes proposed in this PR:

  • app/controllers/application_controller.rb

    • Add pdf handling in render_respond_to_format_with_error_message
      • render_respond_to_format_with_error_message is called both when rescuing from Pundit::NotAuthorizedError and ActiveRecord::RecordNotFound. The method works properly with .html format, but prior to this change, ActionController::UnknownFormat was thrown for .pdf format.
  • Edit scope :organisationally_or_publicly_visible

    • Within this scope, replace Org.org_admin_plans with newly created Org.owned_plans.
      • Org.org_admin_plans would return any plan where plan.org_id = Org.id. In addition, it would return any plan where a user with user.org_id = Org.id had Administrator access on the plan.
      • Org.owned_plans only returns plans where the Creator access for the plan belongs to a user with user.org_id = Org.id

aaronskiba avatar Apr 30 '24 16:04 aaronskiba
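The difference between the two selections described in the PR description above, as an added example that is not part of the original thread and is not DMPRoadmap's code. It is a simplified in-memory model: the `User`, `Plan` and `Role` structs, the sample data and the `ids` helper are assumptions made for illustration, and only the names `org_admin_plans` and `owned_plans` and their stated rules come from the description.

```ruby
# Simplified in-memory model (constructed for illustration; not DMPRoadmap code).
User = Struct.new(:id, :org_id)
Plan = Struct.new(:id, :title, :org_id)
Role = Struct.new(:user, :plan, :access) # access: :creator or :administrator

# Old selection as the PR description states it: plans with plan.org_id == org_id,
# plus plans on which any user of the org holds Administrator access.
def org_admin_plans(org_id, plans, roles)
  plans.select do |plan|
    plan.org_id == org_id ||
      roles.any? { |r| r.plan == plan && r.access == :administrator && r.user.org_id == org_id }
  end
end

# New selection as described: only plans whose Creator belongs to the org.
def owned_plans(org_id, plans, roles)
  plans.select do |plan|
    roles.any? { |r| r.plan == plan && r.access == :creator && r.user.org_id == org_id }
  end
end

# Constructed sample data: two organisations (ids 1 and 2).
alice = User.new(1, 1) # member of org 1
bob   = User.new(2, 2) # member of org 2

PLANS = [
  Plan.new(10, 'Org 1 plan created by Alice', 1),
  Plan.new(11, 'Org 2 plan created by Bob, Alice is administrator', 2),
  Plan.new(12, 'Org 2 plan created by Bob', 2)
].freeze

ROLES = [
  Role.new(alice, PLANS[0], :creator),
  Role.new(bob,   PLANS[1], :creator),
  Role.new(alice, PLANS[1], :administrator),
  Role.new(bob,   PLANS[2], :creator)
].freeze

def ids(plans)
  plans.map(&:id)
end

if __FILE__ == $PROGRAM_NAME
  puts "org 1 via org_admin_plans: #{ids(org_admin_plans(1, PLANS, ROLES))}"
  puts "org 1 via owned_plans:     #{ids(owned_plans(1, PLANS, ROLES))}"
end
```

Plan 11 is the case the PR title is about: it was created in org 2, but it is listed for org 1 under the old rule because an org 1 user has Administrator access on it.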

1 Error
:no_entry_sign:

Please include a CHANGELOG entry.

You can find it at [CHANGELOG.md](https://github.com/DMPRoadmap/roadmap/blob/main/CHANGELOG.md).

Generated by :no_entry_sign: Danger

github-actions[bot] avatar Apr 30 '24 16:04 github-actions[bot]

Closing this for now. More discussion is needed on how to resolve issue #3345.

aaronskiba avatar May 14 '24 20:05 aaronskiba