Redmine 使用声明性许可。当您创建新控制器时,权限定义中缺少它及其操作,因此无法访问。
要解决此问题,您需要将新控制器的相关操作包含到权限定义中。 This is the location in lib/redmine.rb 你可能需要修改。为了清楚起见,复制到这里:
map.project_module :time_tracking do |map|
map.permission :log_time, {:timelog => [:new, :create]}, :require => :loggedin
map.permission :view_time_entries, {:timelog => [:index, :report, :show]}, :read => true
map.permission :edit_time_entries, {:timelog => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
map.permission :edit_own_time_entries, {:timelog => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin
map.permission :manage_project_activities, {:project_enumerations => [:update, :destroy]}, :require => :member
end
你应该在这个块中添加这样的东西:
map.permission :view_time_estimates, {:timelog_estimates => [:index, :report, :show]}, :read => true
map.permission :edit_time_estimates, {:timelog_estimates => [:edit, :update, :destroy, :bulk_edit, :bulk_update]}, :require => :member
map.permission :edit_own_time_estimates, {:timelog_estimates => [:edit, :update, :destroy,:bulk_edit, :bulk_update]}, :require => :loggedin
授权通过您的控制器中的此调用进行:
before_filter :authorize_global, :only => [:new, :create, :index, :report]
如果你遵循authorize_global的实现,你会find this:
# Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action], global = false)
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
if allowed
true
else
if @project && @project.archived?
render_403 :message => :notice_not_authorized_archived_project
else
deny_access
end
end
end
render_403 行是您收到错误的原因。