Check project assignment on issue copy/move....
Jean-Philippe Lang -
r8433:2a55d3761971
@@ -311,7 +311,6 class Issue < ActiveRecord::Base
311 # Should be called from controllers instead of #attributes=
311 # Should be called from controllers instead of #attributes=
312 # attr_accessible is too rough because we still want things like
312 # attr_accessible is too rough because we still want things like
313 # Issue.new(:project => foo) to work
313 # Issue.new(:project => foo) to work
314 # TODO: move workflow/permission checks from controllers to here
315 def safe_attributes=(attrs, user=User.current)
314 def safe_attributes=(attrs, user=User.current)
316 return unless attrs.is_a?(Hash)
315 return unless attrs.is_a?(Hash)
317
316
@@ -321,9 +320,11 class Issue < ActiveRecord::Base
321
320
322 # Project and Tracker must be set before since new_statuses_allowed_to depends on it.
321 # Project and Tracker must be set before since new_statuses_allowed_to depends on it.
323 if p = attrs.delete('project_id')
322 if p = attrs.delete('project_id')
324 self.project_id = p
323 if allowed_target_projects(user).collect(&:id).include?(p.to_i)
324 self.project_id = p
325 end
325 end
326 end
326
327
327 if t = attrs.delete('tracker_id')
328 if t = attrs.delete('tracker_id')
328 self.tracker_id = t
329 self.tracker_id = t
329 end
330 end
@@ -769,7 +770,16 class Issue < ActiveRecord::Base
769 end
770 end
770 # End ReportsController extraction
771 # End ReportsController extraction
771
772
772 # Returns an array of projects that current user can move issues to
773 # Returns an array of projects that user can assign the issue to
774 def allowed_target_projects(user=User.current)
775 if new_record?
776 Project.all(:conditions => Project.allowed_to_condition(user, :add_issues))
777 else
778 self.class.allowed_target_projects_on_move(user)
779 end
780 end
781
782 # Returns an array of projects that user can move issues to
773 def self.allowed_target_projects_on_move(user=User.current)
783 def self.allowed_target_projects_on_move(user=User.current)
774 projects = []
784 projects = []
775 if user.admin?
785 if user.admin?
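Review bot: The new guard around `self.project_id = p` in `safe_attributes=` drops a disallowed `project_id` without leaving any trace, so the issue keeps whatever project it already had and nobody learns that a cross-project assignment was refused. As this is the permission check for copy/move, I would document the behaviour above the branch, e.g. `# A project_id outside allowed_target_projects(user) is ignored; the issue keeps its current project`, and consider logging the refusal with the user and the requested id so that repeated attempts are visible. The `tracker_id` assignment just below has no comparable check; whether the tracker is validated against the project elsewhere is not visible here, so that is worth confirming. Both `safe_attributes=` and `allowed_target_projects_on_move` continue outside the hunks shown.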
@@ -8,7 +8,7
8 <% end %>
8 <% end %>
9
9
10 <% if @issue.safe_attribute? 'project_id' %>
10 <% if @issue.safe_attribute? 'project_id' %>
11 <p><%= f.select :project_id, project_tree_options_for_select(Issue.allowed_target_projects_on_move, :selected => @issue.project), :required => true %></p>
11 <p><%= f.select :project_id, project_tree_options_for_select(@issue.allowed_target_projects, :selected => @issue.project), :required => true %></p>
12 <%= observe_field :issue_project_id, :url => project_issue_form_path(@project, :id => @issue, :project_change => '1'),
12 <%= observe_field :issue_project_id, :url => project_issue_form_path(@project, :id => @issue, :project_change => '1'),
13 :with => "Form.serialize('issue-form')" %>
13 :with => "Form.serialize('issue-form')" %>
14 <% end %>
14 <% end %>
@@ -1630,6 +1630,18 class IssuesControllerTest < ActionController::TestCase
1630 assert_tag 'input', :attributes => {:name => 'copy_from', :value => '1'}
1630 assert_tag 'input', :attributes => {:name => 'copy_from', :value => '1'}
1631 end
1631 end
1632
1632
1633 def test_create_as_copy_on_project_without_permission_should_ignore_target_project
1634 @request.session[:user_id] = 2
1635 assert !User.find(2).member_of?(Project.find(4))
1636
1637 assert_difference 'Issue.count' do
1638 post :create, :project_id => 1, :copy_from => 1,
1639 :issue => {:project_id => '4', :tracker_id => '3', :status_id => '1', :subject => 'Copy'}
1640 end
1641 issue = Issue.first(:order => 'id DESC')
1642 assert_equal 1, issue.project_id
1643 end
1644
1633 def test_get_edit
1645 def test_get_edit
1634 @request.session[:user_id] = 2
1646 @request.session[:user_id] = 2
1635 get :edit, :id => 1
1647 get :edit, :id => 1
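Review bot: The precondition in `test_create_as_copy_on_project_without_permission_should_ignore_target_project` asserts non-membership, but for a new record the model filters target projects on the `:add_issues` permission, which a non-member may still hold on a public project depending on the fixtures. Asserting the permission itself would pin what the test relies on: `assert !User.find(2).allowed_to?(:add_issues, Project.find(4))`. This section also covers only the create-as-copy path; the `else` branch of `allowed_target_projects` (moving an existing issue via update) has no matching negative test here, and one should be added alongside. `test_get_edit` continues outside the hunk.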