[#55688] Role cant copy work package despite privilege being granted …

…for role https://community.openproject.org/work_packages/55688
opf · Oct 7, 2024 · 394ca5f · 394ca5f
1 parent 0adec2f
commit 394ca5f
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/app/contracts/work_packages/copy_contract.rb b/app/contracts/work_packages/copy_contract.rb
@@ -32,6 +32,7 @@
 
 module WorkPackages
   class CopyContract < CreateContract
+    REQUIRED_PERMISSION = :copy_work_packages
     # As % Complete can be set while Work and Remaining work are not, copying is
     # a scenario where this field must be writable
     attribute :done_ratio,

diff --git a/app/contracts/work_packages/create_contract.rb b/app/contracts/work_packages/create_contract.rb
@@ -30,6 +30,8 @@
 
 module WorkPackages
   class CreateContract < BaseContract
+    REQUIRED_PERMISSION = :add_work_packages
+
     include AdminWritableTimestamps
     allow_writable_timestamps :created_at
 
@@ -40,18 +42,18 @@ class CreateContract < BaseContract
               # Overriding permission from WP base contract to ignore change_work_package_status for creation,
               # because we don't require that permission for writable status during WP creation.
               # Note that nil would not override and [] would ignore the default permission, so we use the default here:
-              permission: :add_work_packages
+              permission: REQUIRED_PERMISSION
 
-    default_attribute_permission :add_work_packages
+    default_attribute_permission REQUIRED_PERMISSION
 
     validate :user_allowed_to_add
     validate :user_allowed_to_manage_file_links
 
     private
 
     def user_allowed_to_add
-      if (model.project && !@user.allowed_in_project?(:add_work_packages, model.project)) ||
-         !@user.allowed_in_any_project?(:add_work_packages)
+      if (model.project && !@user.allowed_in_project?(REQUIRED_PERMISSION, model.project)) ||
+         !@user.allowed_in_any_project?(REQUIRED_PERMISSION)
         errors.add(:base, :error_unauthorized)
       end
     end

diff --git a/lib/api/v3/work_packages/work_package_representer.rb b/lib/api/v3/work_packages/work_package_representer.rb
@@ -112,7 +112,7 @@ def self_v3_path(*)
         end
 
         link :copy,
-             cache_if: -> { add_work_packages_allowed? } do
+             cache_if: -> { copy_work_packages_allowed? } do
           next if represented.new_record?
 
           {
@@ -629,6 +629,11 @@ def add_work_packages_allowed?
             current_user.allowed_in_project?(:add_work_packages, represented.project)
         end
 
+        def copy_work_packages_allowed?
+          @copy_work_packages_allowed ||=
+            current_user.allowed_in_project?(:copy_work_packages, represented.project)
+        end
+
         def relations
           self_path = api_v3_paths.work_package_relations(represented.id)
           visible_relations = represented