Fixes behaviour of move_issues permission for non member role (#5309).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3683 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
de51e16d2b
commit
0004b52646
|
@ -267,14 +267,7 @@ class IssuesController < ApplicationController
|
|||
def move
|
||||
@issues.sort!
|
||||
@copy = params[:copy_options] && params[:copy_options][:copy]
|
||||
@allowed_projects = []
|
||||
# find projects to which the user is allowed to move the issue
|
||||
if User.current.admin?
|
||||
# admin is allowed to move issues to any active (visible) project
|
||||
@allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current))
|
||||
else
|
||||
User.current.memberships.each {|m| @allowed_projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
|
||||
end
|
||||
@allowed_projects = Issue.allowed_target_projects_on_move
|
||||
@target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
|
||||
@target_project ||= @project
|
||||
@trackers = @target_project.trackers
|
||||
|
|
|
@ -600,6 +600,22 @@ class Issue < ActiveRecord::Base
|
|||
end
|
||||
# End ReportsController extraction
|
||||
|
||||
# Returns an array of projects that current user can move issues to
|
||||
def self.allowed_target_projects_on_move
|
||||
projects = []
|
||||
if User.current.admin?
|
||||
# admin is allowed to move issues to any active (visible) project
|
||||
projects = Project.visible.all
|
||||
elsif User.current.logged?
|
||||
if Role.non_member.allowed_to?(:move_issues)
|
||||
projects = Project.visible.all
|
||||
else
|
||||
User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
|
||||
end
|
||||
end
|
||||
projects
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def update_nested_set_attributes
|
||||
|
|
|
@ -668,6 +668,23 @@ class IssueTest < ActiveSupport::TestCase
|
|||
assert_equal 5, groups.inject(0) {|sum, group| sum + group['total'].to_i}
|
||||
end
|
||||
|
||||
|
||||
context ".allowed_target_projects_on_move" do
|
||||
should "return all active projects for admin users" do
|
||||
User.current = User.find(1)
|
||||
assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
|
||||
end
|
||||
|
||||
should "return allowed projects for non admin users" do
|
||||
User.current = User.find(2)
|
||||
Role.non_member.remove_permission! :move_issues
|
||||
assert_equal 3, Issue.allowed_target_projects_on_move.size
|
||||
|
||||
Role.non_member.add_permission! :move_issues
|
||||
assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
|
||||
end
|
||||
end
|
||||
|
||||
def test_recently_updated_with_limit_scopes
|
||||
#should return the last updated issue
|
||||
assert_equal 1, Issue.recently_updated.with_limit(1).length
|
||||
|
|
Loading…
Reference in New Issue