Merge branch 'ticket/unstable/805-wiki-watching' into unstable
This commit is contained in:
commit
a8d28e4593
|
@ -16,6 +16,7 @@ class WatchersController < ApplicationController
|
|||
before_filter :find_project
|
||||
before_filter :require_login, :check_project_privacy, :only => [:watch, :unwatch]
|
||||
before_filter :authorize, :only => [:new, :destroy]
|
||||
before_filter :authorize_access_to_object, :only => [:new, :destroy]
|
||||
|
||||
verify :method => :post,
|
||||
:only => [ :watch, :unwatch ],
|
||||
|
@ -97,4 +98,24 @@ private
|
|||
rescue ::ActionController::RedirectBackError
|
||||
render :text => (watching ? 'Watcher added.' : 'Watcher removed.'), :layout => true
|
||||
end
|
||||
|
||||
def authorize_access_to_object
|
||||
permission = ''
|
||||
case params[:action]
|
||||
when 'new'
|
||||
permission << 'add_'
|
||||
when 'destroy'
|
||||
permission << 'delete_'
|
||||
end
|
||||
|
||||
# Ends up like: :delete_wiki_page_watchers
|
||||
permission << "#{@watched.class.name.underscore}_watchers"
|
||||
|
||||
if User.current.allowed_to?(permission.to_sym, @project)
|
||||
return true
|
||||
else
|
||||
deny_access
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
<div class="contextual">
|
||||
<%= link_to_function(l(:button_add), "$('new-watcher-form').toggle();") if User.current.allowed_to?(:add_issue_watchers, @project) %>
|
||||
<%= link_to_function(l(:button_add), "$('new-watcher-form').toggle();") if User.current.allowed_to?("add_#{watched.class.name.underscore}_watchers".to_sym, @project) %>
|
||||
</div>
|
||||
|
||||
<h3><%= l(:label_issue_watchers) %> (<%= watched.watcher_users.size %>)</h3>
|
||||
|
||||
<% if User.current.allowed_to?(:add_issue_watchers, @project) %>
|
||||
<% if User.current.allowed_to?("add_#{watched.class.name.underscore}_watchers".to_sym, @project) %>
|
||||
<% remote_form_for(:watcher, @watcher,
|
||||
:url => {:controller => 'watchers',
|
||||
:action => 'new',
|
||||
|
|
|
@ -59,6 +59,14 @@
|
|||
|
||||
<% content_for :sidebar do %>
|
||||
<%= render :partial => 'wiki/sidebar' %>
|
||||
|
||||
<% if User.current.allowed_to?(:add_wiki_page_watchers, @project) ||
|
||||
(@page.watchers.present? && User.current.allowed_to?(:view_wiki_page_watchers, @project)) %>
|
||||
<div id="watchers">
|
||||
<%= render :partial => 'watchers/watchers', :locals => {:watched => @page} %>
|
||||
</div>
|
||||
<% end %>
|
||||
|
||||
<% end %>
|
||||
|
||||
<% html_title h(@page.pretty_title) %>
|
||||
|
|
|
@ -136,6 +136,9 @@ Redmine::AccessControl.map do |map|
|
|||
map.permission :edit_wiki_pages, :wiki => [:edit, :update, :preview, :add_attachment]
|
||||
map.permission :delete_wiki_pages_attachments, {}
|
||||
map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member
|
||||
map.permission :view_wiki_page_watchers, {}
|
||||
map.permission :add_wiki_page_watchers, {:watchers => :new}
|
||||
map.permission :delete_wiki_page_watchers, {:watchers => :destroy}
|
||||
end
|
||||
|
||||
map.project_module :repository do |map|
|
||||
|
|
|
@ -45,6 +45,9 @@ roles_001:
|
|||
- :protect_wiki_pages
|
||||
- :delete_wiki_pages
|
||||
- :rename_wiki_pages
|
||||
- :view_wiki_page_watchers
|
||||
- :add_wiki_page_watchers
|
||||
- :delete_wiki_page_watchers
|
||||
- :add_messages
|
||||
- :edit_messages
|
||||
- :delete_messages
|
||||
|
|
|
@ -19,7 +19,8 @@ class WatchersController; def rescue_action(e) raise e end; end
|
|||
|
||||
class WatchersControllerTest < ActionController::TestCase
|
||||
fixtures :projects, :users, :roles, :members, :member_roles, :enabled_modules,
|
||||
:issues, :trackers, :projects_trackers, :issue_statuses, :enumerations, :watchers
|
||||
:issues, :trackers, :projects_trackers, :issue_statuses, :enumerations, :watchers,
|
||||
:wikis, :wiki_pages
|
||||
|
||||
def setup
|
||||
@controller = WatchersController.new
|
||||
|
@ -145,9 +146,58 @@ class WatchersControllerTest < ActionController::TestCase
|
|||
end
|
||||
assert Issue.find(2).watched_by?(@group)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def test_new_multiple_users_watching_wiki_page
|
||||
Role.find(1).add_permission! :add_wiki_page_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
@page = WikiPage.find(1)
|
||||
assert !@page.watched_by?(User.find(2))
|
||||
assert !@page.watched_by?(User.find(4))
|
||||
assert !@page.watched_by?(User.find(7))
|
||||
|
||||
assert_difference('Watcher.count', 3) do
|
||||
xhr :post, :new, :object_type => 'wiki_page', :object_id => '1', :user_ids => ['2','4','7']
|
||||
assert_response :success
|
||||
assert_select_rjs :replace_html, 'watchers'
|
||||
end
|
||||
@page.reload
|
||||
assert @page.watched_by?(User.find(2))
|
||||
assert @page.watched_by?(User.find(4))
|
||||
assert @page.watched_by?(User.find(7))
|
||||
end
|
||||
|
||||
def test_new_issue_watcher_without_permission
|
||||
Role.find(1).remove_permission! :add_issue_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
assert_difference('Watcher.count',0) do
|
||||
xhr :post, :new, :object_type => 'issue', :object_id => '2', :user_ids => ['4']
|
||||
assert_response :forbidden
|
||||
end
|
||||
assert !Issue.find(2).watched_by?(User.find(4))
|
||||
|
||||
end
|
||||
|
||||
def test_remove_wiki_page_watcher_without_permission
|
||||
Role.find(1).remove_permission! :delete_wiki_page_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
@page = WikiPage.find(1)
|
||||
|
||||
assert_difference('Watcher.count',0) do
|
||||
xhr :post, :new, :object_type => 'wiki_page', :object_id => '1', :user_ids => ['2']
|
||||
assert_response :forbidden
|
||||
end
|
||||
assert !WikiPage.find(1).watched_by?(User.find(2))
|
||||
|
||||
end
|
||||
|
||||
def test_remove_watcher
|
||||
Role.find(1).add_permission! :delete_issue_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
assert_difference('Watcher.count', -1) do
|
||||
xhr :post, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3'
|
||||
|
@ -175,4 +225,48 @@ class WatchersControllerTest < ActionController::TestCase
|
|||
|
||||
end
|
||||
|
||||
def test_remove_wiki_page_watcher
|
||||
Role.find(1).add_permission! :delete_wiki_page_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
@page = WikiPage.find(1)
|
||||
Watcher.create!(:user_id => 2, :watchable => @page)
|
||||
assert @page.watched_by?(User.find(2))
|
||||
|
||||
assert_difference('Watcher.count', -1) do
|
||||
xhr :post, :destroy, :object_type => 'wiki_page', :object_id => '1', :user_id => '2'
|
||||
assert_response :success
|
||||
assert_select_rjs :replace_html, 'watchers'
|
||||
end
|
||||
assert !WikiPage.find(1).watched_by?(User.find(2))
|
||||
end
|
||||
|
||||
def test_remove_issue_watcher_without_permission
|
||||
Role.find(1).remove_permission! :delete_issue_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
assert_difference('Watcher.count',0) do
|
||||
xhr :post, :destroy, :object_type => 'issue', :object_id => '2', :user_id => '3'
|
||||
assert_response :forbidden
|
||||
end
|
||||
assert Issue.find(2).watched_by?(User.find(3))
|
||||
|
||||
end
|
||||
|
||||
def test_remove_wiki_page_watcher_without_permission
|
||||
Role.find(1).remove_permission! :delete_wiki_page_watchers
|
||||
|
||||
@request.session[:user_id] = 2
|
||||
@page = WikiPage.find(1)
|
||||
Watcher.create!(:user_id => 2, :watchable => @page)
|
||||
assert @page.watched_by?(User.find(2))
|
||||
|
||||
assert_difference('Watcher.count',0) do
|
||||
xhr :post, :destroy, :object_type => 'wiki_page', :object_id => '1', :user_id => '2'
|
||||
assert_response :forbidden
|
||||
end
|
||||
assert WikiPage.find(1).watched_by?(User.find(2))
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue