You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "unit.check" permission ("Ignore failing check") is tested incorrectly in several areas;
In weblate/trans/views.py, the following tests occur:
def ignore_check(request, check_id):
(...)
if not request.user.has_perm("unit.check", project) or obj.is_enforced():
raise PermissionDenied()
(...)
def ignore_check_source(request, check_id):
(...)
if (
not request.user.has_perm("unit.check", project)
or obj.is_enforced()
or not request.user.has_perm("source.edit", unit.translation.component)
):
raise PermissionDenied()
(...)
But, in templates/translate.html, the offering is based on:
{% perm 'unit.check' unit.translation as user_can_ignore_check %}
The "unit.check" permission doesn't appear to be granted at a Project-level at all. This leads to a scenario where, during Custom permissions, if a role is granted this perm, the translation UI offers the ability to ignore but always throws a PermissionDenied exception.
Expected behavior
Either test for permissions based on translation or component, like so:
if not request.user.has_perm("unit.check", obj.unit.translation.component) or obj.is_enforced():
raise PermissionDenied()
This has the correct behavior.
The text was updated successfully, but these errors were encountered:
This is relict from past when checks were bound to a project and checksum of the unit, not to actual unit. I guess that similar issue will exist for comments or suggestions where same model has been used.
This allows to integrate the enforced check to the permission avoiding
need to duplicate this condition in other locations. Also remove not
needed check_access invocation as that is already covered by the
permission check.
Fixes#4590
Describe the bug
The "unit.check" permission ("Ignore failing check") is tested incorrectly in several areas;
In weblate/trans/views.py, the following tests occur:
But, in templates/translate.html, the offering is based on:
The "unit.check" permission doesn't appear to be granted at a Project-level at all. This leads to a scenario where, during Custom permissions, if a role is granted this perm, the translation UI offers the ability to ignore but always throws a PermissionDenied exception.
Expected behavior
Either test for permissions based on translation or component, like so:
This has the correct behavior.
The text was updated successfully, but these errors were encountered: