From d2f64ee9288a3be2ec29e42aaf796559d3dd6b4b Mon Sep 17 00:00:00 2001 From: Marius Balteanu Date: Tue, 1 Feb 2022 20:11:56 +0000 Subject: Fix autocomplete for users fails with 403 error when there are multiple objects from different projects (#36446). Patch by Dmitry Makurin. git-svn-id: http://svn.redmine.org/redmine/trunk@21394 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/watchers_controller.rb | 8 ++++++-- app/views/watchers/_new.html.erb | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'app') diff --git a/app/controllers/watchers_controller.rb b/app/controllers/watchers_controller.rb index 97afffe01..9170acb34 100644 --- a/app/controllers/watchers_controller.rb +++ b/app/controllers/watchers_controller.rb @@ -134,8 +134,12 @@ class WatchersController < ApplicationController def users_for_new_watcher scope = nil - if params[:q].blank? && @project.present? - scope = @project.principals.assignable_watchers + if params[:q].blank? + if @project.present? + scope = @project.principals.assignable_watchers + elsif @projects.present? && @projects.size > 1 + scope = Principal.joins(:members).where(:members => { :project_id => @projects }).assignable_watchers.distinct + end else scope = Principal.assignable_watchers.limit(100) end diff --git a/app/views/watchers/_new.html.erb b/app/views/watchers/_new.html.erb index bc08a3322..dfff5516c 100644 --- a/app/views/watchers/_new.html.erb +++ b/app/views/watchers/_new.html.erb @@ -31,7 +31,7 @@ title = :controller => 'watchers', :action => 'autocomplete_for_user', :object_type => (watchables.present? ? watchables.first.class.name.underscore : nil), - :object_id => (watchables.present? && watchables.size == 1 ? watchables.first.id : nil), + :object_id => (watchables.present? ? watchables.map(&:id) : nil), :project_id => @project ) )}' -- cgit v1.2.3