diff --git a/db/migrate/099_add_delete_wiki_pages_attachments_permission.rb b/db/migrate/099_add_delete_wiki_pages_attachments_permission.rb new file mode 100644 index 000000000..1ff888f3c --- /dev/null +++ b/db/migrate/099_add_delete_wiki_pages_attachments_permission.rb @@ -0,0 +1,13 @@ +class AddDeleteWikiPagesAttachmentsPermission < ActiveRecord::Migration + def self.up + Role.find(:all).each do |r| + r.add_permission!(:delete_wiki_pages_attachments) if r.has_permission?(:edit_wiki_pages) + end + end + + def self.down + Role.find(:all).each do |r| + r.remove_permission!(:delete_wiki_pages_attachments) + end + end +end diff --git a/lib/redmine.rb b/lib/redmine.rb index 5529e0bf5..1503c1d41 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -81,7 +81,8 @@ Redmine::AccessControl.map do |map| map.permission :delete_wiki_pages, {:wiki => :destroy}, :require => :member map.permission :view_wiki_pages, :wiki => [:index, :special] map.permission :view_wiki_edits, :wiki => [:history, :diff, :annotate] - map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment, :destroy_attachment] + map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment] + map.permission :delete_wiki_pages_attachments, :wiki => :destroy_attachment map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member end diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml index 74cba2706..78e0f0329 100644 --- a/test/fixtures/roles.yml +++ b/test/fixtures/roles.yml @@ -32,6 +32,7 @@ roles_001: - :view_wiki_pages - :view_wiki_edits - :edit_wiki_pages + - :delete_wiki_pages_attachments - :protect_wiki_pages - :delete_wiki_pages - :rename_wiki_pages diff --git a/test/functional/wiki_controller_test.rb b/test/functional/wiki_controller_test.rb index b5325357c..053b86301 100644 --- a/test/functional/wiki_controller_test.rb +++ b/test/functional/wiki_controller_test.rb @@ -251,4 +251,11 @@ class WikiControllerTest < Test::Unit::TestCase assert_response :success assert_template 'edit' end + + def test_destroy_attachment + @request.session[:user_id] = 2 + assert_difference 'Attachment.count', -1 do + post :destroy_attachment, :id => 1, :page => 'Page_with_an_inline_image', :attachment_id => 3 + end + end end