Prevent '%{org_title} Plans' Section From Displaying Plans Created by Users From Other Organisations #3413
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #3345
Fixes #3414
Changes proposed in this PR:
app/controllers/application_controller.rb
render_respond_to_format_with_error_message
render_respond_to_format_with_error_message
is called both when rescuing from Pundit::NotAuthorizedError and ActiveRecord::RecordNotFound. The method works properly with .html format, but prior to this change, ActionController::UnknownFormat was thrown for .pdf format.Edit
scope :organisationally_or_publicly_visible
Org.org_admin_plans
with newly createdOrg.owned_plans
.Org.org_admin_plans
would return any plan whereplan.org_id = Org.id
. In addition, it would return any plan where a user with user.org_id = Org.id had Administrator access on the plan.Org.owned_plans
only returns plans where the Creator access for the plan belongs to a user with user.org_id = Org.id