kolan/obsolete.ChilliProject
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[#805] Add the Watchers sidebar to Wiki Pages

Browse Source
This commit is contained in:
Eric Davis 2010-12-14 09:11:48 -08:00
parent 3df729e47d
commit 97fe88f8d9
6 changed files with 137 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
app/controllers/watchers_controller.rb
View File

@ -16,7 +16,8 @@ class WatchersController < ApplicationController
before_filter :find_project before_filter :find_project
before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch] before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
before_filter :authorize, :only => [:new, :destroy] before_filter :authorize, :only => [:new, :destroy]
before_filter :authorize_access_to_object, :only => [:new, :destroy]
verify :method => :post, verify :method => :post,
:only => [ :watch, :unwatch ], :only => [ :watch, :unwatch ],
:render => { :nothing => true, :status => :method_not_allowed } :render => { :nothing => true, :status => :method_not_allowed }
@ -97,4 +98,28 @@ private
rescue ::ActionController::RedirectBackError rescue ::ActionController::RedirectBackError
render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true
end end
def authorize_access_to_object
allowed = false
case @watched.class.to_s
when "Issue"
if params[:action] == 'new'
allowed = true if User.current.allowed_to?(:add_issue_watchers, @project)
end
if params[:action] == 'destroy'
allowed = true if User.current.allowed_to?(:delete_issue_watchers, @project)
end
when "WikiPage"
if params[:action] == 'new'
allowed = true if User.current.allowed_to?(:add_wiki_page_watchers, @project)
end
if params[:action] == 'destroy'
allowed = true if User.current.allowed_to?(:delete_wiki_page_watchers, @project)
end
end
deny_access unless allowed
end
end end

4
app/views/watchers/_watchers.rhtml
View File

@ -1,10 +1,10 @@
<div class="contextual"> <div class="contextual">
<%= link_to_function(l(:button_add), "$('new-watcher-form').toggle();") if User.current.allowed_to?(:add_issue_watchers, @project) %> <%= link_to_function(l(:button_add), "$('new-watcher-form').toggle();") if User.current.allowed_to?("add_#{watched.class.name.underscore}_watchers".to_sym, @project) %>
</div> </div>
<h3><%= l(:label_issue_watchers) %> (<%= watched.watcher_users.size %>)</h3> <h3><%= l(:label_issue_watchers) %> (<%= watched.watcher_users.size %>)</h3>
<% if User.current.allowed_to?(:add_issue_watchers, @project) %> <% if User.current.allowed_to?("add_#{watched.class.name.underscore}_watchers".to_sym, @project) %>
<% remote_form_for(:watcher, @watcher, <% remote_form_for(:watcher, @watcher,
:url => {:controller => 'watchers', :url => {:controller => 'watchers',
:action => 'new', :action => 'new',

8
app/views/wiki/show.rhtml
View File

@ -59,6 +59,14 @@
<% content_for :sidebar do %> <% content_for :sidebar do %>
<%= render :partial => 'wiki/sidebar' %> <%= render :partial => 'wiki/sidebar' %>
<% if User.current.allowed_to?(:add_wiki_page_watchers, @project) ||
(@page.watchers.present? && User.current.allowed_to?(:view_wiki_page_watchers, @project)) %>
<div id="watchers">
<%= render :partial => 'watchers/watchers', :locals => {:watched => @page} %>
</div>
<% end %>
<% end %> <% end %>
<% html_title h(@page.pretty_title) %> <% html_title h(@page.pretty_title) %>

3
lib/redmine.rb
View File

@ -136,6 +136,9 @@ Redmine::AccessControl.map do |map|
map.permission :edit_wiki_pages, :wiki => [:edit, :update, :preview, :add_attachment] map.permission :edit_wiki_pages, :wiki => [:edit, :update, :preview, :add_attachment]
map.permission :delete_wiki_pages_attachments, {} map.permission :delete_wiki_pages_attachments, {}
map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member
map.permission :view_wiki_page_watchers, {}
map.permission :add_wiki_page_watchers, {:watchers => :new}
map.permission :delete_wiki_page_watchers, {:watchers => :destroy}
end end
map.project_module :repository do |map| map.project_module :repository do |map|

3
test/fixtures/roles.yml vendored
View File

@ -45,6 +45,9 @@ roles_001:
- :protect_wiki_pages - :protect_wiki_pages
- :delete_wiki_pages - :delete_wiki_pages
- :rename_wiki_pages - :rename_wiki_pages
- :view_wiki_page_watchers
- :add_wiki_page_watchers
- :delete_wiki_page_watchers
- :add_messages - :add_messages
- :edit_messages - :edit_messages
- :delete_messages - :delete_messages

96
test/functional/watchers_controller_test.rb
View File

@ -19,7 +19,8 @@ class WatchersController; def rescue_action(e) raise e end; end
class WatchersControllerTest < ActionController::TestCase class WatchersControllerTest < ActionController::TestCase
fixtures :projects, :users, :roles, :members, :member_roles, :enabled_modules, fixtures :projects, :users, :roles, :members, :member_roles, :enabled_modules,
:issues, :trackers, :projects_trackers, :issue_statuses, :enumerations, :watchers :issues, :trackers, :projects_trackers, :issue_statuses, :enumerations, :watchers,
:wikis, :wiki_pages
def setup def setup
@controller = WatchersController.new @controller = WatchersController.new
@ -145,9 +146,58 @@ class WatchersControllerTest < ActionController::TestCase
end end
assert Issue.find(2).watched_by?(@group) assert Issue.find(2).watched_by?(@group)
end end
end
def test_new_multiple_users_watching_wiki_page
Role.find(1).add_permission! :add_wiki_page_watchers
@request.session[:user_id] = 2
@page = WikiPage.find(1)
assert !@page.watched_by?(User.find(2))
assert !@page.watched_by?(User.find(4))
assert !@page.watched_by?(User.find(7))
assert_difference('Watcher.count', 3) do
xhr :post, :new, :object_type => 'wiki_page', :object_id => '1', :user_ids => ['2','4','7']
assert_response :success
assert_select_rjs :replace_html, 'watchers'
end
@page.reload
assert @page.watched_by?(User.find(2))
assert @page.watched_by?(User.find(4))
assert @page.watched_by?(User.find(7))
end
def test_new_issue_watcher_without_permission
Role.find(1).remove_permission! :add_issue_watchers
@request.session[:user_id] = 2
assert_difference('Watcher.count',0) do
xhr :post, :new, :object_type => 'issue', :object_id => '2', :user_ids => ['4']
assert_response :forbidden
end
assert !Issue.find(2).watched_by?(User.find(4))
end
def test_remove_wiki_page_watcher_without_permission
Role.find(1).remove_permission! :delete_wiki_page_watchers
@request.session[:user_id] = 2
@page = WikiPage.find(1)
assert_difference('Watcher.count',0) do
xhr :post, :new, :object_type => 'wiki_page', :object_id => '1', :user_ids => ['2']
assert_response :forbidden
end
assert !WikiPage.find(1).watched_by?(User.find(2))
end end
def test_remove_watcher def test_remove_watcher
Role.find(1).add_permission! :delete_issue_watchers
@request.session[:user_id] = 2 @request.session[:user_id] = 2
assert_difference('Watcher.count', -1) do assert_difference('Watcher.count', -1) do
xhr :post, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3' xhr :post, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3'
@ -175,4 +225,48 @@ class WatchersControllerTest < ActionController::TestCase
end end
def test_remove_wiki_page_watcher
Role.find(1).add_permission! :delete_wiki_page_watchers
@request.session[:user_id] = 2
@page = WikiPage.find(1)
Watcher.create!(:user_id => 2, :watchable => @page)
assert @page.watched_by?(User.find(2))
assert_difference('Watcher.count', -1) do
xhr :post, :destroy, :object_type => 'wiki_page', :object_id => '1', :user_id => '2'
assert_response :success
assert_select_rjs :replace_html, 'watchers'
end
assert !WikiPage.find(1).watched_by?(User.find(2))
end
def test_remove_issue_watcher_without_permission
Role.find(1).remove_permission! :delete_issue_watchers
@request.session[:user_id] = 2
assert_difference('Watcher.count',0) do
xhr :post, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3'
assert_response :forbidden
end
assert Issue.find(2).watched_by?(User.find(3))
end
def test_remove_wiki_page_watcher_without_permission
Role.find(1).remove_permission! :delete_wiki_page_watchers
@request.session[:user_id] = 2
@page = WikiPage.find(1)
Watcher.create!(:user_id => 2, :watchable => @page)
assert @page.watched_by?(User.find(2))
assert_difference('Watcher.count',0) do
xhr :post, :destroy, :object_type => 'wiki_page', :object_id => '1', :user_id => '2'
assert_response :forbidden
end
assert WikiPage.find(1).watched_by?(User.find(2))
end
end end