Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AO3-6859 Fix admins being disallowed from tags pages #5001

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

AO3-6859 Fix admins being disallowed from tags pages #5001

wants to merge 5 commits into from

Conversation

WelpThatWorked
Copy link
Contributor

Issue

https://otwarchive.atlassian.net/browse/AO3-6859

Purpose

Only check auth if the tag is banned, so non-wrangler admin roles can view normal tags.
Drop comment that doesn't describe the action anymore.
Tweak check so wrangler tools are fully hidden for non-wrangler admins.
Fix test that was calling the wrong (?) action.

I'm not fully certain why the auth check was added to #show, so I'm assuming that it was meant to only apply to Banned tags.

Credit

Jake Faulkner

@Bilka2
Copy link
Contributor

Bilka2 commented Jan 5, 2025
edited
Loading

There should not have been a restriction per role on the show action at all since it's not mentioned in the original Jira issue. So I think it would be best to simply remove the authorize call from the action and to adjust the tests accordingly.

For can_wrangle?, I think that needs to stay as is as well, without your change. It also controls the visibility of the comments button on the tags show page, which needs to stay because any admin can access those.

@WelpThatWorked
Copy link
Contributor Author

For can_wrangle?, I think that needs to stay as is as well, without your change. It also controls the visibility of the comments button on the tags show page, which needs to stay because any admin can access those.

I don't think this is the intended/correct behavior. d00f3de, the commit where the permission check for viewing tag-comments (check_tag_wrangler_access in comments controller) was added specifies that it should be tag wranglers only. Additionally, the other two buttons in the same nav header deny access to non-wrangler admins, so I suspect that the comments controller was just overlooked in the original issue, and check_tag_wrangler_access should be updated in a similar way.

There should not have been a restriction per role on the show action at all since it's not mentioned in the original Jira issue. So I think it would be best to simply remove the authorize call from the action and to adjust the tests accordingly.

Done

@Bilka2
Copy link
Contributor

Bilka2 commented Jan 6, 2025
edited
Loading

The linked commit is from before admins had roles so that comment is only about user roles. I double-checked, it's intended that all admins have access to comments on tags. Let's keep the scope of this PR to only the show action permissions and test and leave the rest as is.

Bilka2
Bilka2 approved these changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@Bilka2 Bilka2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Bilka2 Bilka2 Bilka2 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Reviewed: Ready to Merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@WelpThatWorked @Bilka2