diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index a598ac8f5..bbe71a3ea 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -136,26 +136,19 @@ class IssuesController < ApplicationController render_error l(:error_no_tracker_in_project) return end + if @issue.status.nil? + render_error l(:error_no_default_issue_status) + return + end if params[:issue].is_a?(Hash) @issue.safe_attributes = params[:issue] @issue.watcher_user_ids = params[:issue]['watcher_user_ids'] if User.current.allowed_to?(:add_issue_watchers, @project) end @issue.author = User.current - default_status = IssueStatus.default - unless default_status - render_error l(:error_no_default_issue_status) - return - end - @issue.status = default_status - @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true) - if request.get? || request.xhr? @issue.start_date ||= Date.today else - requested_status = IssueStatus.find_by_id(params[:issue][:status_id]) - # Check that the user is allowed to apply the requested status - @issue.status = (@allowed_statuses.include? requested_status) ? requested_status : default_status call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue }) if @issue.save attachments = Attachment.attach_files(@issue, params[:attachments]) @@ -179,6 +172,7 @@ class IssuesController < ApplicationController end end @priorities = IssuePriority.all + @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true) render :layout => !request.xhr? end diff --git a/app/models/issue.rb b/app/models/issue.rb index 6eca869d2..012661cad 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -163,6 +163,11 @@ class Issue < ActiveRecord::Base end issue end + + def status_id=(sid) + self.status = nil + write_attribute(:status_id, sid) + end def priority_id=(pid) self.priority = nil diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index 11d35f500..23d09152c 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -451,6 +451,7 @@ class IssuesControllerTest < ActionController::TestCase assert_difference 'Issue.count' do post :new, :project_id => 1, :issue => {:tracker_id => 3, + :status_id => 2, :subject => 'This is the test_new issue', :description => 'This is the description', :priority_id => 5, @@ -463,6 +464,7 @@ class IssuesControllerTest < ActionController::TestCase assert_not_nil issue assert_equal 2, issue.author_id assert_equal 3, issue.tracker_id + assert_equal 2, issue.status_id assert_nil issue.estimated_hours v = issue.custom_values.find(:first, :conditions => {:custom_field_id => 2}) assert_not_nil v @@ -598,6 +600,47 @@ class IssuesControllerTest < ActionController::TestCase end end + context "without workflow privilege" do + setup do + Workflow.delete_all(["role_id = ?", Role.anonymous.id]) + Role.anonymous.add_permission! :add_issues + end + + context "#new" do + should "propose default status only" do + get :new, :project_id => 1 + assert_response :success + assert_template 'new' + assert_tag :tag => 'select', + :attributes => {:name => 'issue[status_id]'}, + :children => {:count => 1}, + :child => {:tag => 'option', :attributes => {:value => IssueStatus.default.id.to_s}} + end + + should "accept default status" do + assert_difference 'Issue.count' do + post :new, :project_id => 1, + :issue => {:tracker_id => 1, + :subject => 'This is an issue', + :status_id => 1} + end + issue = Issue.last(:order => 'id') + assert_equal IssueStatus.default, issue.status + end + + should "ignore unauthorized status" do + assert_difference 'Issue.count' do + post :new, :project_id => 1, + :issue => {:tracker_id => 1, + :subject => 'This is an issue', + :status_id => 3} + end + issue = Issue.last(:order => 'id') + assert_equal IssueStatus.default, issue.status + end + end + end + def test_copy_issue @request.session[:user_id] = 2 get :new, :project_id => 1, :copy_from => 1