redmine_importer icon indicating copy to clipboard operation
redmine_importer copied to clipboard
verified publisher icon leovitch

Anonymous can import issue

Open ghost opened this issue 13 years ago • 2 comments

Hi,

Thanks for your great plug-in! I want to report a bug: Though I have set permission for anonymous can do nothing, they still can import issues via Importer page - just come to link: http://my_server/importer?project_id=project_id and import as usual and it is still successful.

Regards,

ghost avatar Aug 24 '12 03:08 ghost

Yeah, this is really bug.

logical-and avatar Aug 26 '12 08:08 logical-and

Hi,

I have tried to change some thing to fix the problem: Edit file '$REDMINE_HOME/vendor/plugins/redmine_importer/init.rb' --> permission :import, {:importer => [:index, :match, :result]} #add :match, :result

Edit file '$REDMINE_HOME/vendor/plugins/redmine_importer/app/controllers/importer_controller.rb' --> before_filter :find_project, :authorize #add :authorize

Regards,

ghost avatar Sep 20 '12 09:09 ghost