Split "Manage documents" permission into create, edit and delete permissions (#12401).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11206 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2013-01-20 11:38:20 +00:00
parent 26016cdc08
commit 48fb02e383
7 changed files with 41 additions and 9 deletions


@ -19,7 +19,7 @@ class Document < ActiveRecord::Base
include Redmine::SafeAttributes include Redmine::SafeAttributes
belongs_to :project belongs_to :project
belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id" belongs_to :category, :class_name => "DocumentCategory", :foreign_key => "category_id"
acts_as_attachable :delete_permission => :manage_documents acts_as_attachable :delete_permission => :delete_documents
acts_as_searchable :columns => ['title', "#{table_name}.description"], :include => :project acts_as_searchable :columns => ['title', "#{table_name}.description"], :include => :project
acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"}, acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"},
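Review bot: Binding attachment removal to `:delete_documents` on the `acts_as_attachable` line makes removing one file require the same permission as destroying the whole document. A role that holds only `:edit_documents` can therefore add a file to a document but cannot take one off again. If that is intended, a comment above the line would record it, e.g. `# attachment removal is treated as a delete, not an edit`; otherwise `:edit_documents` looks like the closer fit. The class body continues outside the hunk.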


@ -1,6 +1,6 @@
<div class="contextual"> <div class="contextual">
<%= link_to l(:label_document_new), new_project_document_path(@project), :class => 'icon icon-add', <%= link_to l(:label_document_new), new_project_document_path(@project), :class => 'icon icon-add',
:onclick => 'showAndScrollTo("add-document", "document_title"); return false;' if User.current.allowed_to?(:manage_documents, @project) %> :onclick => 'showAndScrollTo("add-document", "document_title"); return false;' if User.current.allowed_to?(:add_documents, @project) %>
</div> </div>
<div id="add-document" style="display:none;"> <div id="add-document" style="display:none;">


@ -1,6 +1,8 @@
<div class="contextual"> <div class="contextual">
<% if User.current.allowed_to?(:manage_documents, @project) %> <% if User.current.allowed_to?(:edit_documents, @project) %>
<%= link_to l(:button_edit), edit_document_path(@document), :class => 'icon icon-edit', :accesskey => accesskey(:edit) %> <%= link_to l(:button_edit), edit_document_path(@document), :class => 'icon icon-edit', :accesskey => accesskey(:edit) %>
<% end %>
<% if User.current.allowed_to?(:delete_documents, @project) %>
<%= delete_link document_path(@document) %> <%= delete_link document_path(@document) %>
<% end %> <% end %>
</div> </div>


@ -0,0 +1,23 @@
class SplitDocumentsPermissions < ActiveRecord::Migration
def up
# :manage_documents permission split into 3 permissions:
# :add_documents, :edit_documents and :delete_documents
Role.all.each do |role|
if role.has_permission?(:manage_documents)
role.add_permission! :add_documents, :edit_documents, :delete_documents
role.remove_permission! :manage_documents
end
end
end
def down
Role.all.each do |role|
if role.has_permission?(:add_documents) ||
role.has_permission?(:edit_documents) ||
role.has_permission?(:delete_documents)
role.remove_permission! :add_documents, :edit_documents, :delete_documents
role.add_permission! :manage_documents
end
end
end
end
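Review bot: `down` widens privileges on rollback, because a role holding any one of `:add_documents`, `:edit_documents` or `:delete_documents` is given `:manage_documents`, which covers create, edit and destroy. A role that an administrator had narrowed to only `:add_documents` after the upgrade would regain edit and delete rights. Failing closed is safer: still remove the three split permissions, but restore `:manage_documents` only for roles that held all three. A comment should state that partial grants are dropped on rollback.

```ruby
def down
  split = [:add_documents, :edit_documents, :delete_documents]
  Role.all.each do |role|
    held = split.select {|p| role.has_permission?(p)}
    next if held.empty?
    role.remove_permission!(*split)
    # Fail closed: a partial grant must not turn into the broader permission
    role.add_permission! :manage_documents if held.size == split.size
  end
end
```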


@ -146,7 +146,9 @@ Redmine::AccessControl.map do |map|
end end
map.project_module :documents do |map| map.project_module :documents do |map|
map.permission :manage_documents, {:documents => [:new, :create, :edit, :update, :destroy, :add_attachment]}, :require => :loggedin map.permission :add_documents, {:documents => [:new, :create, :add_attachment]}, :require => :loggedin
map.permission :edit_documents, {:documents => [:edit, :update, :add_attachment]}, :require => :loggedin
map.permission :delete_documents, {:documents => [:destroy]}, :require => :loggedin
map.permission :view_documents, {:documents => [:index, :show, :download]}, :read => true map.permission :view_documents, {:documents => [:index, :show, :download]}, :read => true
end end
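Review bot: `:add_attachment` is listed under both `:add_documents` and `:edit_documents`, so a role granted only `:add_documents` can still attach files to existing documents that it is not allowed to edit. If the `create` action already stores uploaded files itself (not visible in this hunk), `:add_attachment` can be dropped from `:add_documents` so that modifying an existing document always requires `:edit_documents`. If the overlap is deliberate, a short comment above the two lines should say why. The `Redmine::AccessControl.map` block starts outside the hunk.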


@ -38,7 +38,9 @@ roles_001:
- :manage_news - :manage_news
- :comment_news - :comment_news
- :view_documents - :view_documents
- :manage_documents - :add_documents
- :edit_documents
- :delete_documents
- :view_wiki_pages - :view_wiki_pages
- :export_wiki_pages - :export_wiki_pages
- :view_wiki_edits - :view_wiki_edits
@ -89,7 +91,9 @@ roles_002:
- :manage_news - :manage_news
- :comment_news - :comment_news
- :view_documents - :view_documents
- :manage_documents - :add_documents
- :edit_documents
- :delete_documents
- :view_wiki_pages - :view_wiki_pages
- :view_wiki_edits - :view_wiki_edits
- :edit_wiki_pages - :edit_wiki_pages
@ -131,7 +135,9 @@ roles_003:
- :manage_news - :manage_news
- :comment_news - :comment_news
- :view_documents - :view_documents
- :manage_documents - :add_documents
- :edit_documents
- :delete_documents
- :view_wiki_pages - :view_wiki_pages
- :view_wiki_edits - :view_wiki_edits
- :edit_wiki_pages - :edit_wiki_pages
@ -163,7 +169,6 @@ roles_004:
- :view_time_entries - :view_time_entries
- :comment_news - :comment_news
- :view_documents - :view_documents
- :manage_documents
- :view_wiki_pages - :view_wiki_pages
- :view_wiki_edits - :view_wiki_edits
- :edit_wiki_pages - :edit_wiki_pages


@ -901,7 +901,7 @@ class UserTest < ActiveSupport::TestCase
should "authorize nearly everything for admin users" do should "authorize nearly everything for admin users" do
project = Project.find(1) project = Project.find(1)
assert ! @admin.member_of?(project) assert ! @admin.member_of?(project)
%w(edit_issues delete_issues manage_news manage_documents manage_wiki).each do |p| %w(edit_issues delete_issues manage_news add_documents manage_wiki).each do |p|
assert_equal true, @admin.allowed_to?(p.to_sym, project) assert_equal true, @admin.allowed_to?(p.to_sym, project)
end end
end end
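Review bot: The `%w(...)` list replaces `manage_documents` with `add_documents` only, so the two other new permissions are never exercised by this test. Extending it to `%w(edit_issues delete_issues manage_news add_documents edit_documents delete_documents manage_wiki)` keeps the coverage the old single permission gave. A separate test that a role holding only `:edit_documents` is refused `destroy` would check the split itself; nothing in the visible hunks does so. The test class starts outside the hunk.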