kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixes behaviour of move_issues permission for non member role (#5309). 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3683 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2010-04-18 12:47:41 +00:00
parent de51e16d2b
commit 0004b52646
3 changed files with 34 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/issues_controller.rb
View File

@ -267,14 +267,7 @@ class IssuesController < ApplicationController
def move def move
@issues.sort! @issues.sort!
@copy = params[:copy_options] && params[:copy_options][:copy] @copy = params[:copy_options] && params[:copy_options][:copy]
@allowed_projects = [] @allowed_projects = Issue.allowed_target_projects_on_move
# find projects to which the user is allowed to move the issue
if User.current.admin?
# admin is allowed to move issues to any active (visible) project
@allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current))
else
User.current.memberships.each {|m| @allowed_projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
end
@target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id] @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
@target_project ||= @project @target_project ||= @project
@trackers = @target_project.trackers @trackers = @target_project.trackers

16
app/models/issue.rb
View File

@ -600,6 +600,22 @@ class Issue < ActiveRecord::Base
end end
# End ReportsController extraction # End ReportsController extraction
# Returns an array of projects that current user can move issues to
def self.allowed_target_projects_on_move
projects = []
if User.current.admin?
# admin is allowed to move issues to any active (visible) project
projects = Project.visible.all
elsif User.current.logged?
if Role.non_member.allowed_to?(:move_issues)
projects = Project.visible.all
else
User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
end
end
projects
end
private private
def update_nested_set_attributes def update_nested_set_attributes

17
test/unit/issue_test.rb
View File

@ -667,6 +667,23 @@ class IssueTest < ActiveSupport::TestCase
assert_equal 2, groups.size assert_equal 2, groups.size
assert_equal 5, groups.inject(0) {|sum, group| sum + group['total'].to_i} assert_equal 5, groups.inject(0) {|sum, group| sum + group['total'].to_i}
end end
context ".allowed_target_projects_on_move" do
should "return all active projects for admin users" do
User.current = User.find(1)
assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
end
should "return allowed projects for non admin users" do
User.current = User.find(2)
Role.non_member.remove_permission! :move_issues
assert_equal 3, Issue.allowed_target_projects_on_move.size
Role.non_member.add_permission! :move_issues
assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
end
end
def test_recently_updated_with_limit_scopes def test_recently_updated_with_limit_scopes
#should return the last updated issue #should return the last updated issue