Fix authorization error for facilitator spotlights in share portal #1011
Open
Collaborator
@copilot try again
Co-authored-by: maebeale <7607813+maebeale@users.noreply.github.com>
Contributor
Author
Fixed! The issue was that the
The fix is in commit 0e9faa8. All authorization tests now pass - guests can view publicly visible stories, authenticated users can view published stories, and admins can view all stories in the share portal.
Copilot AI changed the title from "[WIP] Fix error related to facilitator spotlights access" to "Fix authorization error for facilitator spotlights in share portal" on Feb 15, 2026
What is the goal of this PR and why is this important?
Users were receiving "You are not authorized to perform this action" errors when clicking on facilitator spotlight links in the "My Butterfly" (share portal) section. This prevented both authenticated users and guests from accessing publicly available facilitator spotlight stories, significantly impacting the usability of this key feature.
How did you approach the change?
The issue was caused by missing authorization methods in the StoryPolicy class. When ActionPolicy couldn't find specific authorization methods for the share portal actions (share_portal? and show_share_portal?), it fell back to the default manage? method which only allows admin users.
Changes made:
- Added share_portal? method to StoryPolicy that returns true (public access, same as index?)
- Added show_share_portal? method to StoryPolicy that delegates to show? for proper authorization:
Files modified:
- app/policies/story_policy.rb - Added authorization methods
- spec/requests/stories_spec.rb - Added test coverage for share portal authorization
Anything else to add?
All authorization tests pass successfully, code review found no issues, and security scanning (CodeQL) detected no vulnerabilities. The fix ensures proper access control while maintaining security and follows the existing authorization patterns in the codebase.
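The fallback described in the PR description, and a check that catches it before users do, as an added example that is not code from this PR or from the action_policy gem. MiniPolicy is a simplified stand-in for the rule lookup, and the Story/User fields, the show? logic (modelled on the access rules the fix comment lists) and the fallback_actions helper are assumptions made for illustration.

```ruby
# Simplified model of "missing rule => default rule"; NOT the action_policy gem.
Story = Struct.new(:published, :publicly_visible) # hypothetical fields
User  = Struct.new(:admin)                        # hypothetical field

class MiniPolicy
  DEFAULT_RULE = :manage?
  attr_reader :user, :record

  def initialize(user, record = nil)
    @user, @record = user, record
  end

  # A rule the policy class does not define resolves to the default rule.
  def resolve_rule(rule)
    self.class.public_method_defined?(rule) ? rule : DEFAULT_RULE
  end

  def allowed?(rule)
    public_send(resolve_rule(rule))
  end

  def manage? # admin-only default
    !user.nil? && user.admin
  end
end

class StoryPolicyBefore < MiniPolicy
  def index?; true; end

  def show?
    return true if user&.admin                  # admins see every story
    return record.published if user             # signed-in users: published
    record.published && record.publicly_visible # guests: published and public
  end
end

class StoryPolicyAfter < StoryPolicyBefore
  def share_portal?; true; end       # public listing, same as index?
  def show_share_portal?; show?; end # reuse the per-story checks
end

# Audit helper: actions whose rule silently falls back to the admin-only default.
def fallback_actions(policy_class, actions)
  policy = policy_class.new(nil)
  actions.map { |a| :"#{a}?" }.select { |r| policy.resolve_rule(r) == MiniPolicy::DEFAULT_RULE }
end

SHARE_ACTIONS = %i[index show share_portal show_share_portal]
```

Running a check like fallback_actions over a controller's action list in the spec suite turns an unnoticed default-rule fallback into a failing test. Here the fallback denied access, but the same gap would grant it if a policy's default rule were permissive.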