Ability to allow non-admin users to create projects (#1007).

This can be enabled in permissions settings. A non-admin user who creates a project is automatically added as a project member (the first role is given, TODO: make this given role configurable). Projects can be added from the public projects list. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2750 e93f8b46-1217-0410-a6f0-8f06a7374b81
2009-05-17 12:59:14 +00:00 · 2009-05-17 12:59:14 +00:00 · 8141110eb2
parent 9c9dc6e814
commit 8141110eb2
42 changed files with 106 additions and 30 deletions
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@ -114,11 +114,16 @@ class ApplicationController < ActionController::Base
  end

  # Authorize the user for the requested action
-  def authorize(ctrl = params[:controller], action = params[:action])
-    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
+  def authorize(ctrl = params[:controller], action = params[:action], global = false)
+    allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
    allowed ? true : deny_access
  end

+  # Authorize the user for the requested action outside a project
+  def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
+    authorize(ctrl, action, global)
+  end
+  
  # make sure that the user is a member of the project (or admin) if project is private
  # used as a before_filter for actions that do not require any particular permission on the project
  def check_project_privacy
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -26,7 +26,8 @@ class ProjectsController < ApplicationController
  before_filter :find_project, :except => [ :index, :list, :add, :copy, :activity ]
  before_filter :find_optional_project, :only => :activity
  before_filter :authorize, :except => [ :index, :list, :add, :copy, :archive, :unarchive, :destroy, :activity ]
-  before_filter :require_admin, :only => [ :add, :copy, :archive, :unarchive, :destroy ]
+  before_filter :authorize_global, :only => :add
+  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
  accept_key_auth :activity
  
  after_filter :only => [:add, :edit, :archive, :unarchive, :destroy] do |controller|
@ -75,8 +76,13 @@ class ProjectsController < ApplicationController
      @project.enabled_module_names = params[:enabled_modules]
      if @project.save
        @project.set_parent!(params[:project]['parent_id']) if User.current.admin? && params[:project].has_key?('parent_id')
+        # Add current user as a project member if he is not admin
+        unless User.current.admin?
+          m = Member.new(:user => User.current, :roles => Role.builtin(false).find(:all, :order => 'position', :limit => 1))
+          @project.members << m
+        end
        flash[:notice] = l(:notice_successful_create)
-        redirect_to :controller => 'admin', :action => 'projects'
+        redirect_to :controller => 'projects', :action => 'settings', :id => @project
      end
    end	
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -277,6 +277,9 @@ class User < ActiveRecord::Base
      roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
      
    elsif options[:global]
+      # Admin users are always authorized
+      return true if admin?
+      
      # authorize if user has at least one role that has this permission
      roles = memberships.collect {|m| m.roles}.flatten.uniq
      roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
--- a/app/views/projects/index.rhtml
+++ b/app/views/projects/index.rhtml
@ -1,5 +1,5 @@
 <div class="contextual">
-    <%= link_to(l(:label_project_new), {:controller => 'projects', :action => 'add'}, :class => 'icon icon-add') + ' |' if User.current.admin? %>
+    <%= link_to(l(:label_project_new), {:controller => 'projects', :action => 'add'}, :class => 'icon icon-add') + ' |' if User.current.allowed_to?(:add_project, nil, :global => true) %>
    <%= link_to l(:label_issue_view_all), { :controller => 'issues' } %> |
    <%= link_to l(:label_overall_activity), { :controller => 'projects', :action => 'activity' }%>
 </div>
--- a/config/locales/bg.yml
+++ b/config/locales/bg.yml
@ -796,3 +796,4 @@ bg:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/bs.yml
+++ b/config/locales/bs.yml
@ -829,3 +829,4 @@ bs:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@ -799,3 +799,4 @@ ca:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/cs.yml
+++ b/config/locales/cs.yml
@ -802,3 +802,4 @@ cs:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@ -829,3 +829,4 @@ da:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@ -828,3 +828,4 @@ de:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -292,6 +292,7 @@ en:
  setting_openid: Allow OpenID login and registration
  setting_password_min_length: Minimum password length
  
+  permission_add_project: Create project
  permission_edit_project: Edit project
  permission_select_project_modules: Select project modules
  permission_manage_members: Manage members
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@ -849,3 +849,4 @@ es:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
@ -839,3 +839,4 @@ fi:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@ -324,6 +324,7 @@ fr:
  setting_openid: "Autoriser l'authentification et l'enregistrement OpenID"
  setting_password_min_length: Longueur minimum des mots de passe
  
+  permission_add_project: Créer un projet
  permission_edit_project: Modifier le projet
  permission_select_project_modules: Choisir les modules
  permission_manage_members: Gérer les members
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@ -828,3 +828,4 @@ gl:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@ -811,3 +811,4 @@ he:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@ -834,3 +834,4 @@
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@ -814,3 +814,4 @@ it:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@ -827,3 +827,4 @@ ja:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@ -858,3 +858,4 @@ ko:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
@ -839,3 +839,4 @@ lt:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@ -784,3 +784,4 @@ nl:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@ -801,3 +801,4 @@
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@ -832,3 +832,4 @@ pl:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@ -834,3 +834,4 @@ pt-BR:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/pt.yml
+++ b/config/locales/pt.yml
@ -820,3 +820,4 @@ pt:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/ro.yml
+++ b/config/locales/ro.yml
@ -799,3 +799,4 @@ ro:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@ -926,3 +926,4 @@ ru:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/sk.yml
+++ b/config/locales/sk.yml
@ -800,3 +800,4 @@ sk:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
@ -798,3 +798,4 @@ sl:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
@ -822,3 +822,4 @@
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/sv.yml
+++ b/config/locales/sv.yml
@ -856,3 +856,4 @@ sv:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@ -799,3 +799,4 @@ th:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@ -835,3 +835,4 @@ tr:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@ -798,3 +798,4 @@ uk:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
@ -868,3 +868,4 @@ vi:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@ -906,3 +906,4 @@
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@ -831,3 +831,4 @@ zh:
  mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
  label_wiki_content_updated: Wiki page updated
  mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+  permission_add_project: Create project
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@ -20,6 +20,7 @@ REDMINE_SUPPORTED_SCM = %w( Subversion Darcs Mercurial Cvs Bazaar Git Filesystem
 Redmine::AccessControl.map do |map|
  map.permission :view_project, {:projects => [:show, :activity]}, :public => true
  map.permission :search_project, {:search => :index}, :public => true
+  map.permission :add_project, {:projects => :add}, :require => :loggedin
  map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
  map.permission :select_project_modules, {:projects => :modules}, :require => :member
  map.permission :manage_members, {:projects => :settings, :members => [:new, :edit, :destroy, :autocomplete_for_member_login]}, :require => :member
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@ -5,6 +5,7 @@ roles_001:
  builtin: 0
  permissions: |
    --- 
+    - :add_project
    - :edit_project
    - :manage_members
    - :manage_versions
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@ -89,6 +89,56 @@ class ProjectsControllerTest < Test::Unit::TestCase
    )
  end
  
+  def test_get_add
+    @request.session[:user_id] = 1
+    get :add
+    assert_response :success
+    assert_template 'add'
+  end
+  
+  def test_get_add_by_non_admin
+    @request.session[:user_id] = 2
+    get :add
+    assert_response :success
+    assert_template 'add'
+  end
+  
+  def test_post_add
+    @request.session[:user_id] = 1
+    post :add, :project => { :name => "blog", 
+                             :description => "weblog",
+                             :identifier => "blog",
+                             :is_public => 1,
+                             :custom_field_values => { '3' => 'Beta' }
+                            }
+    assert_redirected_to '/projects/blog/settings'
+    
+    project = Project.find_by_name('blog')
+    assert_kind_of Project, project
+    assert_equal 'weblog', project.description 
+    assert_equal true, project.is_public?
+  end
+  
+  def test_post_add_by_non_admin
+    @request.session[:user_id] = 2
+    post :add, :project => { :name => "blog", 
+                             :description => "weblog",
+                             :identifier => "blog",
+                             :is_public => 1,
+                             :custom_field_values => { '3' => 'Beta' }
+                            }
+    assert_redirected_to '/projects/blog/settings'
+    
+    project = Project.find_by_name('blog')
+    assert_kind_of Project, project
+    assert_equal 'weblog', project.description 
+    assert_equal true, project.is_public?
+    
+    # User should be added as a project member
+    assert User.find(2).member_of?(project)
+    assert_equal 1, project.members.size
+  end
+  
  def test_show_routing
    assert_routing(
      {:method => :get, :path => '/projects/test'},
--- a/test/integration/admin_test.rb
+++ b/test/integration/admin_test.rb
@ -39,28 +39,4 @@ class AdminTest < ActionController::IntegrationTest
    locked_user = User.try_to_login("psmith", "psmith09")
    assert_equal nil, locked_user
  end
-  
-  def test_add_project
-    log_user("admin", "admin")
-    get "projects/new"
-    assert_response :success
-    assert_template "projects/add"
-    post "projects", :project => { :name => "blog", 
-                                       :description => "weblog",
-                                       :identifier => "blog",
-                                       :is_public => 1,
-                                       :custom_field_values => { '3' => 'Beta' }
-                                       }
-    assert_redirected_to "admin/projects"
-    assert_equal 'Successful creation.', flash[:notice]
-    
-    project = Project.find_by_name("blog")
-    assert_kind_of Project, project
-    assert_equal "weblog", project.description 
-    assert_equal true, project.is_public?
-    
-    get "admin/projects"
-    assert_response :success
-    assert_template "admin/projects"
-  end  
 end