diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 79b4b616..af39efb2 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -19,7 +19,7 @@ class MessagesController < ApplicationController menu_item :boards before_filter :find_board, :only => [:new, :preview] before_filter :find_message, :except => [:new, :preview] - before_filter :authorize, :except => :preview + before_filter :authorize, :except => [:preview, :edit, :destroy] verify :method => :post, :only => [ :reply, :destroy ], :redirect_to => { :action => :show } verify :xhr => true, :only => :quote @@ -30,7 +30,7 @@ class MessagesController < ApplicationController # Show a topic and its replies def show - @replies = @topic.children + @replies = @topic.children.find(:all, :include => [:author, :attachments, {:board => :project}]) @replies.reverse! if User.current.wants_comments_in_reverse_order? @reply = Message.new(:subject => "RE: #{@message.subject}") render :action => "show", :layout => false if request.xhr? @@ -65,7 +65,8 @@ class MessagesController < ApplicationController # Edit a message def edit - if params[:message] && User.current.allowed_to?(:edit_messages, @project) + render_403 and return false unless @message.editable_by?(User.current) + if params[:message] @message.locked = params[:message]['locked'] @message.sticky = params[:message]['sticky'] end @@ -78,6 +79,7 @@ class MessagesController < ApplicationController # Delete a messages def destroy + render_403 and return false unless @message.destroyable_by?(User.current) @message.destroy redirect_to @message.parent.nil? ? { :controller => 'boards', :action => 'show', :project_id => @project, :id => @board } : diff --git a/app/models/message.rb b/app/models/message.rb index f1cb2d0b..9a313e82 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -71,6 +71,14 @@ class Message < ActiveRecord::Base def project board.project end + + def editable_by?(usr) + usr && usr.logged? && (usr.allowed_to?(:edit_messages, project) || (self.author == usr && usr.allowed_to?(:edit_own_messages, project))) + end + + def destroyable_by?(usr) + usr && usr.logged? && (usr.allowed_to?(:delete_messages, project) || (self.author == usr && usr.allowed_to?(:delete_own_messages, project))) + end private diff --git a/app/views/messages/show.rhtml b/app/views/messages/show.rhtml index 31696d56..4143532b 100644 --- a/app/views/messages/show.rhtml +++ b/app/views/messages/show.rhtml @@ -4,8 +4,8 @@
<%= watcher_tag(@topic, User.current) %> <%= link_to_remote_if_authorized l(:button_quote), { :url => {:action => 'quote', :id => @topic} }, :class => 'icon icon-comment' %> - <%= link_to_if_authorized l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit' %> - <%= link_to_if_authorized l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del' %> + <%= link_to(l(:button_edit), {:action => 'edit', :id => @topic}, :class => 'icon icon-edit') if @message.editable_by?(User.current) %> + <%= link_to(l(:button_delete), {:action => 'destroy', :id => @topic}, :method => :post, :confirm => l(:text_are_you_sure), :class => 'icon icon-del') if @message.destroyable_by?(User.current) %>

<%=h @topic.subject %>

@@ -25,8 +25,8 @@ ">
<%= link_to_remote_if_authorized image_tag('comment.png'), { :url => {:action => 'quote', :id => message} }, :title => l(:button_quote) %> - <%= link_to_if_authorized image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit) %> - <%= link_to_if_authorized image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete) %> + <%= link_to(image_tag('edit.png'), {:action => 'edit', :id => message}, :title => l(:button_edit)) if message.editable_by?(User.current) %> + <%= link_to(image_tag('delete.png'), {:action => 'destroy', :id => message}, :method => :post, :confirm => l(:text_are_you_sure), :title => l(:button_delete)) if message.destroyable_by?(User.current) %>

<%=h message.subject %> - <%= authoring message.created_on, message.author %>

diff --git a/lang/bg.yml b/lang/bg.yml index 000f0a97..ae345f9d 100644 --- a/lang/bg.yml +++ b/lang/bg.yml @@ -690,3 +690,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/ca.yml b/lang/ca.yml index 5db547ac..52649534 100644 --- a/lang/ca.yml +++ b/lang/ca.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/cs.yml b/lang/cs.yml index 09ed76ea..d195456c 100644 --- a/lang/cs.yml +++ b/lang/cs.yml @@ -695,3 +695,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/da.yml b/lang/da.yml index b5081e9e..b5dbe6b2 100644 --- a/lang/da.yml +++ b/lang/da.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/de.yml b/lang/de.yml index 3e59bcf9..14f6e63a 100644 --- a/lang/de.yml +++ b/lang/de.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/en.yml b/lang/en.yml index 8a4a2577..245663fd 100644 --- a/lang/en.yml +++ b/lang/en.yml @@ -269,7 +269,9 @@ permission_manage_boards: Manage boards permission_view_messages: View messages permission_add_messages: Post messages permission_edit_messages: Edit messages +permission_edit_own_messages: Edit own messages permission_delete_messages: Delete messages +permission_delete_won_messages: Delete own messages project_module_issue_tracking: Issue tracking project_module_time_tracking: Time tracking diff --git a/lang/es.yml b/lang/es.yml index c3b9de2b..c0a624ba 100644 --- a/lang/es.yml +++ b/lang/es.yml @@ -693,3 +693,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/fi.yml b/lang/fi.yml index bdcefef9..5b2dc0e0 100644 --- a/lang/fi.yml +++ b/lang/fi.yml @@ -690,3 +690,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/fr.yml b/lang/fr.yml index ab34575b..8b2defbd 100644 --- a/lang/fr.yml +++ b/lang/fr.yml @@ -270,7 +270,9 @@ permission_manage_boards: Gérer les forums permission_view_messages: Voir les messages permission_add_messages: Poster un message permission_edit_messages: Modifier les messages +permission_edit_own_messages: Modifier ses propres messages permission_delete_messages: Supprimer les messages +permission_delete_won_messages: Supprimer ses propres messages project_module_issue_tracking: Suivi des demandes project_module_time_tracking: Suivi du temps passé diff --git a/lang/he.yml b/lang/he.yml index 13eab75c..e7f70e7e 100644 --- a/lang/he.yml +++ b/lang/he.yml @@ -690,3 +690,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/hu.yml b/lang/hu.yml index 1c4afdcd..1d858a4b 100644 --- a/lang/hu.yml +++ b/lang/hu.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Saját jegyzetek szerkesztése setting_gravatar_enabled: Felhasználói fényképek engedélyezése label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/it.yml b/lang/it.yml index c6ae84a9..f4427104 100644 --- a/lang/it.yml +++ b/lang/it.yml @@ -690,3 +690,5 @@ permission_edit_own_issue_notes: Modifica proprie note setting_gravatar_enabled: Usa icone utente Gravatar label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/ja.yml b/lang/ja.yml index 4092584d..347454b5 100644 --- a/lang/ja.yml +++ b/lang/ja.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/ko.yml b/lang/ko.yml index 595acfa9..498572f9 100644 --- a/lang/ko.yml +++ b/lang/ko.yml @@ -690,3 +690,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/lt.yml b/lang/lt.yml index 544cb14f..bcec2b34 100644 --- a/lang/lt.yml +++ b/lang/lt.yml @@ -692,3 +692,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/nl.yml b/lang/nl.yml index 3434b148..03534196 100644 --- a/lang/nl.yml +++ b/lang/nl.yml @@ -692,3 +692,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/no.yml b/lang/no.yml index ca056f80..d6779234 100644 --- a/lang/no.yml +++ b/lang/no.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/pl.yml b/lang/pl.yml index df7d525d..2a2df834 100644 --- a/lang/pl.yml +++ b/lang/pl.yml @@ -725,3 +725,5 @@ setting_gravatar_enabled: Używaj ikon użytkowników Gravatar label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/pt-br.yml b/lang/pt-br.yml index 13660baa..e1fa0589 100644 --- a/lang/pt-br.yml +++ b/lang/pt-br.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Editar próprias notas setting_gravatar_enabled: Usar ícones do Gravatar label_example: Exemplo text_repository_usernames_mapping: "Seleciona ou atualiza os usuários do Redmine mapeando para cada usuário encontrado no log do repositório.\nUsuários com o mesmo login ou email no Redmine e no repositório serão mapeados automaticamente." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/pt.yml b/lang/pt.yml index ce1e27a3..310d2c39 100644 --- a/lang/pt.yml +++ b/lang/pt.yml @@ -692,3 +692,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/ro.yml b/lang/ro.yml index 8890f6e2..cc1d9bc5 100644 --- a/lang/ro.yml +++ b/lang/ro.yml @@ -690,3 +690,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/ru.yml b/lang/ru.yml index 363386dc..87c3a13c 100644 --- a/lang/ru.yml +++ b/lang/ru.yml @@ -723,3 +723,5 @@ text_user_wrote: '%s написал(а):' text_wiki_destroy_confirmation: Вы уверены, что хотите удалить данную Wiki и все ее содержимое? text_workflow_edit: Выберите роль и трекер для редактирования последовательности состояний text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/sk.yml b/lang/sk.yml index 5c53eda2..65a9920e 100644 --- a/lang/sk.yml +++ b/lang/sk.yml @@ -695,3 +695,5 @@ permission_edit_own_issue_notes: Editácia vlastných poznámok úlohy setting_gravatar_enabled: Použitie uživateľských Gravatar ikon label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/sr.yml b/lang/sr.yml index 54b1e70c..1f555c41 100644 --- a/lang/sr.yml +++ b/lang/sr.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/sv.yml b/lang/sv.yml index 76b6e6c3..e5547892 100644 --- a/lang/sv.yml +++ b/lang/sv.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/th.yml b/lang/th.yml index fa471101..1d2f4e6a 100644 --- a/lang/th.yml +++ b/lang/th.yml @@ -693,3 +693,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/tr.yml b/lang/tr.yml index 90d4d5f6..3646baa4 100644 --- a/lang/tr.yml +++ b/lang/tr.yml @@ -691,3 +691,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/uk.yml b/lang/uk.yml index a7f3f734..55acd3a4 100644 --- a/lang/uk.yml +++ b/lang/uk.yml @@ -692,3 +692,5 @@ permission_edit_own_issue_notes: Edit own notes setting_gravatar_enabled: Use Gravatar user icons label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/vn.yml b/lang/vn.yml index 81957a53..a0506c39 100644 --- a/lang/vn.yml +++ b/lang/vn.yml @@ -691,3 +691,5 @@ permission_edit_time_entries: Edit time logs permission_edit_own_time_entries: Edit own time logs label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/zh-tw.yml b/lang/zh-tw.yml index c99e10de..e0a6ee9e 100644 --- a/lang/zh-tw.yml +++ b/lang/zh-tw.yml @@ -692,3 +692,5 @@ enumeration_issue_priorities: 項目優先權 enumeration_doc_categories: 文件分類 enumeration_activities: 活動 (時間追蹤) text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lang/zh.yml b/lang/zh.yml index 10fd1ac0..6da16683 100644 --- a/lang/zh.yml +++ b/lang/zh.yml @@ -692,3 +692,5 @@ enumeration_doc_categories: 文档类别 enumeration_activities: 活动(时间跟踪) label_example: Example text_repository_usernames_mapping: "Select ou update the Redmine user mapped to each username found in the repository log.\nUsers with the same Redmine and repository username or email are automatically mapped." +permission_edit_own_messages: Edit own messages +permission_delete_won_messages: Delete own messages diff --git a/lib/redmine.rb b/lib/redmine.rb index b07d8e90..19f0854e 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -99,7 +99,9 @@ Redmine::AccessControl.map do |map| map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true map.permission :add_messages, {:messages => [:new, :reply, :quote]} map.permission :edit_messages, {:messages => :edit}, :require => :member + map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin map.permission :delete_messages, {:messages => :destroy}, :require => :member + map.permission :delete_own_messages, {:messages => :destroy}, :require => :loggedin end end diff --git a/lib/redmine/default_data/loader.rb b/lib/redmine/default_data/loader.rb index 1c3b1f93..b7cab56c 100644 --- a/lib/redmine/default_data/loader.rb +++ b/lib/redmine/default_data/loader.rb @@ -65,6 +65,7 @@ module Redmine :edit_wiki_pages, :delete_wiki_pages, :add_messages, + :edit_own_messages, :view_files, :manage_files, :browse_repository, @@ -85,6 +86,7 @@ module Redmine :view_wiki_pages, :view_wiki_edits, :add_messages, + :edit_own_messages, :view_files, :browse_repository, :view_changesets] diff --git a/test/fixtures/messages.yml b/test/fixtures/messages.yml index f82f376c..e578853d 100644 --- a/test/fixtures/messages.yml +++ b/test/fixtures/messages.yml @@ -38,8 +38,8 @@ messages_004: updated_on: 2007-08-12 17:15:32 +02:00 subject: Post 2 id: 4 - replies_count: 1 - last_reply_id: 5 + replies_count: 2 + last_reply_id: 6 content: "This is an other post" author_id: parent_id: @@ -55,3 +55,14 @@ messages_005: author_id: 1 parent_id: 4 board_id: 1 +messages_006: + created_on: <%= 2.days.ago.to_date.to_s(:db) %> + updated_on: <%= 2.days.ago.to_date.to_s(:db) %> + subject: 'RE: post 2' + id: 6 + replies_count: 0 + last_reply_id: + content: "Another reply to the second post" + author_id: 3 + parent_id: 4 + board_id: 1 diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml index 5bc6809d..d8ae2c81 100644 --- a/test/fixtures/roles.yml +++ b/test/fixtures/roles.yml @@ -80,6 +80,8 @@ roles_002: - :protect_wiki_pages - :delete_wiki_pages - :add_messages + - :edit_own_messages + - :delete_own_messages - :manage_boards - :view_files - :manage_files diff --git a/test/unit/message_test.rb b/test/unit/message_test.rb index 6e8e8fb2..b907cfef 100644 --- a/test/unit/message_test.rb +++ b/test/unit/message_test.rb @@ -1,7 +1,7 @@ require File.dirname(__FILE__) + '/../test_helper' class MessageTest < Test::Unit::TestCase - fixtures :projects, :boards, :messages, :users, :watchers + fixtures :projects, :roles, :members, :boards, :messages, :users, :watchers def setup @board = Board.find(1) @@ -76,4 +76,22 @@ class MessageTest < Test::Unit::TestCase assert_equal topics_count, board.topics_count assert_equal messages_count - 1, board.messages_count end + + def test_editable_by + message = Message.find(6) + author = message.author + assert message.editable_by?(author) + + author.role_for_project(message.project).remove_permission!(:edit_own_messages) + assert !message.reload.editable_by?(author.reload) + end + + def test_destroyable_by + message = Message.find(6) + author = message.author + assert message.destroyable_by?(author) + + author.role_for_project(message.project).remove_permission!(:delete_own_messages) + assert !message.reload.destroyable_by?(author.reload) + end end