From eccd6ded2e645c27b64fcde8bf21f4129cacd417 Mon Sep 17 00:00:00 2001 From: aaronskiba Date: Mon, 29 Jul 2024 13:55:22 -0600 Subject: [PATCH 1/2] Add conditional for who can add plan contributors Prior to this commit, even plan collaborators with "Read only" access could add/edit plan contributors. --- app/views/contributors/index.html.erb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/views/contributors/index.html.erb b/app/views/contributors/index.html.erb index ddd3911313..3a6df98745 100644 --- a/app/views/contributors/index.html.erb +++ b/app/views/contributors/index.html.erb @@ -29,8 +29,10 @@

<%= _("No contributors have been defined.") %>

<% end %> - <%= link_to _("Add a contributor"), new_plan_contributor_path(@plan), - class: "btn btn-primary" %> + <% if @plan.editable_by?(current_user.id) %> + <%= link_to _("Add a contributor"), new_plan_contributor_path(@plan), + class: "btn btn-primary" %> + <% end %> <% end %> From f43a7de4ef3148aa4d361d92963984fd6179e6c3 Mon Sep 17 00:00:00 2001 From: aaronskiba Date: Fri, 7 Feb 2025 09:23:09 -0700 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ace50817c5..c2cdc1c724 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Fixed a bug in the deep copy of plans where the old identifier was being copied into the new plan. We now copy the generated id of the new plan to the identifier field. - Fixed bar chart click function in the Usage dashboard (GitHub issue #3443) - Fixed broken link for the V1 API documentation. +- Only Render Plan's "Add a Contributor" Button For Users With Sufficient Permissions [#3442](https://github.com/DMPRoadmap/roadmap/pull/3442) **Note this upgrade is mainly a migration from Bootstrap 3 to Bootstrap 5.**