Fixes behaviour of move_issues permission for non member role (#5309).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3683 e93f8b46-1217-0410-a6f0-8f06a7374b81
2010-04-18 12:47:41 +00:00 · 2010-04-18 12:47:41 +00:00 · 0004b52646
parent de51e16d2b
commit 0004b52646
3 changed files with 34 additions and 8 deletions
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@ -267,14 +267,7 @@ class IssuesController < ApplicationController
  def move
    @issues.sort!
    @copy = params[:copy_options] && params[:copy_options][:copy]
-    @allowed_projects = []
-    # find projects to which the user is allowed to move the issue
-    if User.current.admin?
-      # admin is allowed to move issues to any active (visible) project
-      @allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current))
-    else
-      User.current.memberships.each {|m| @allowed_projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
-    end
+    @allowed_projects = Issue.allowed_target_projects_on_move
    @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
    @target_project ||= @project    
    @trackers = @target_project.trackers
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@ -600,6 +600,22 @@ class Issue < ActiveRecord::Base
  end
  # End ReportsController extraction
  
+  # Returns an array of projects that current user can move issues to
+  def self.allowed_target_projects_on_move
+    projects = []
+    if User.current.admin?
+      # admin is allowed to move issues to any active (visible) project
+      projects = Project.visible.all
+    elsif User.current.logged?
+      if Role.non_member.allowed_to?(:move_issues)
+        projects = Project.visible.all
+      else
+        User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
+      end
+    end
+    projects
+  end
+   
  private
  
  def update_nested_set_attributes
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@ -667,6 +667,23 @@ class IssueTest < ActiveSupport::TestCase
    assert_equal 2, groups.size
    assert_equal 5, groups.inject(0) {|sum, group| sum + group['total'].to_i}
  end
+  
+  
+  context ".allowed_target_projects_on_move" do
+    should "return all active projects for admin users" do
+      User.current = User.find(1)
+      assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
+    end
+    
+    should "return allowed projects for non admin users" do
+      User.current = User.find(2)
+      Role.non_member.remove_permission! :move_issues
+      assert_equal 3, Issue.allowed_target_projects_on_move.size
+      
+      Role.non_member.add_permission! :move_issues
+      assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
+    end
+  end

  def test_recently_updated_with_limit_scopes
    #should return the last updated issue