@@ -0,0 +1,49 | |||||
|
1 | # Redmine - project management software | |||
|
2 | # Copyright (C) 2006-2008 Jean-Philippe Lang | |||
|
3 | # | |||
|
4 | # This program is free software; you can redistribute it and/or | |||
|
5 | # modify it under the terms of the GNU General Public License | |||
|
6 | # as published by the Free Software Foundation; either version 2 | |||
|
7 | # of the License, or (at your option) any later version. | |||
|
8 | # | |||
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
12 | # GNU General Public License for more details. | |||
|
13 | # | |||
|
14 | # You should have received a copy of the GNU General Public License | |||
|
15 | # along with this program; if not, write to the Free Software | |||
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
|
17 | ||||
|
18 | require File.dirname(__FILE__) + '/../../../test_helper' | |||
|
19 | ||||
|
20 | class Redmine::AccessControlTest < Test::Unit::TestCase | |||
|
21 | ||||
|
22 | def setup | |||
|
23 | @access_module = Redmine::AccessControl | |||
|
24 | end | |||
|
25 | ||||
|
26 | def test_permissions | |||
|
27 | perms = @access_module.permissions | |||
|
28 | assert perms.is_a?(Array) | |||
|
29 | assert perms.first.is_a?(Redmine::AccessControl::Permission) | |||
|
30 | end | |||
|
31 | ||||
|
32 | def test_module_permission | |||
|
33 | perm = @access_module.permission(:view_issues) | |||
|
34 | assert perm.is_a?(Redmine::AccessControl::Permission) | |||
|
35 | assert_equal :view_issues, perm.name | |||
|
36 | assert_equal :issue_tracking, perm.project_module | |||
|
37 | assert perm.actions.is_a?(Array) | |||
|
38 | assert perm.actions.include?('issues/index') | |||
|
39 | end | |||
|
40 | ||||
|
41 | def test_no_module_permission | |||
|
42 | perm = @access_module.permission(:edit_project) | |||
|
43 | assert perm.is_a?(Redmine::AccessControl::Permission) | |||
|
44 | assert_equal :edit_project, perm.name | |||
|
45 | assert_nil perm.project_module | |||
|
46 | assert perm.actions.is_a?(Array) | |||
|
47 | assert perm.actions.include?('projects/settings') | |||
|
48 | end | |||
|
49 | end |
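Review bot: These tests only look up permissions that exist (`:view_issues`, `:edit_project`), so nothing pins what `permission` returns for a name that is not registered. Other code in this commit branches on that result (`if perm = ...` in `Project.allowed_to_condition`, `perm ? perm.actions : []` in `allowed_actions`), so a negative case is worth adding, for example `assert_nil @access_module.permission(:no_such_permission)` (a constructed name). A second assertion that passes the name as a String would document that no coercion takes place.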
@@ -108,6 +108,12 class Project < ActiveRecord::Base | |||||
108 | def self.allowed_to_condition(user, permission, options={}) |
|
108 | def self.allowed_to_condition(user, permission, options={}) | |
109 | statements = [] |
|
109 | statements = [] | |
110 | base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}" |
|
110 | base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}" | |
|
111 | if perm = Redmine::AccessControl.permission(permission) | |||
|
112 | unless perm.project_module.nil? | |||
|
113 | # If the permission belongs to a project module, make sure the module is enabled | |||
|
114 | base_statement << " AND EXISTS (SELECT em.id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}' AND em.project_id=#{Project.table_name}.id)" | |||
|
115 | end | |||
|
116 | end | |||
111 | if options[:project] |
|
117 | if options[:project] | |
112 | project_statement = "#{Project.table_name}.id = #{options[:project].id}" |
|
118 | project_statement = "#{Project.table_name}.id = #{options[:project].id}" | |
113 | project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects] |
|
119 | project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects] |
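Review bot: When `Redmine::AccessControl.permission(permission)` returns nil, the added `if perm = ...` block is skipped and `base_statement` keeps only the status test, so a mistyped or unregistered permission name yields a condition with no enabled-module check. The rest of `allowed_to_condition` lies outside this hunk, so it cannot be confirmed here whether a later branch denies in that case; if none does, the method should produce a condition that matches nothing when `perm` is nil. Separately, `perm.project_module` is interpolated straight into the literal `em.name='...'`. It comes from the permission registry rather than request input, but quoting it keeps the statement well-formed if a module name ever contains a quote: `em.name='#{connection.quote_string(perm.project_module.to_s)}'`.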
@@ -277,7 +277,7 class Query < ActiveRecord::Base | |||||
277 | elsif project |
|
277 | elsif project | |
278 | project_clauses << "#{Project.table_name}.id = %d" % project.id |
|
278 | project_clauses << "#{Project.table_name}.id = %d" % project.id | |
279 | end |
|
279 | end | |
280 |
project_clauses << Project. |
|
280 | project_clauses << Project.allowed_to_condition(User.current, :view_issues) | |
281 | project_clauses.join(' AND ') |
|
281 | project_clauses.join(' AND ') | |
282 | end |
|
282 | end | |
283 |
|
283 |
@@ -30,8 +30,15 module Redmine | |||||
30 | @permissions |
|
30 | @permissions | |
31 | end |
|
31 | end | |
32 |
|
32 | |||
|
33 | # Returns the permission of given name or nil if it wasn't found | |||
|
34 | # Argument should be a symbol | |||
|
35 | def permission(name) | |||
|
36 | permissions.detect {|p| p.name == name} | |||
|
37 | end | |||
|
38 | ||||
|
39 | # Returns the actions that are allowed by the permission of given name | |||
33 | def allowed_actions(permission_name) |
|
40 | def allowed_actions(permission_name) | |
34 |
perm = |
|
41 | perm = permission(permission_name) | |
35 | perm ? perm.actions : [] |
|
42 | perm ? perm.actions : [] | |
36 | end |
|
43 | end | |
37 |
|
44 | |||
@@ -94,6 +101,7 module Redmine | |||||
94 | @actions << "#{controller}/#{actions}" |
|
101 | @actions << "#{controller}/#{actions}" | |
95 | end |
|
102 | end | |
96 | end |
|
103 | end | |
|
104 | @actions.flatten! | |||
97 | end |
|
105 | end | |
98 |
|
106 | |||
99 | def public? |
|
107 | def public? |
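Review bot: In the first hunk, `permission(name)` compares with `p.name == name` and does no coercion, so a String such as `'view_issues'` returns nil exactly as an unknown name does, while the comment says only that the argument "should be a symbol". Because callers treat nil as "no such permission", the comment should state that contract, e.g. `# Returns nil for unknown names and for non-Symbol arguments (no coercion is done)`.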
@@ -43,4 +43,16 enabled_modules_011: | |||||
43 | name: issue_tracking |
|
43 | name: issue_tracking | |
44 | project_id: 2 |
|
44 | project_id: 2 | |
45 | id: 11 |
|
45 | id: 11 | |
|
46 | enabled_modules_012: | |||
|
47 | name: time_tracking | |||
|
48 | project_id: 3 | |||
|
49 | id: 12 | |||
|
50 | enabled_modules_013: | |||
|
51 | name: issue_tracking | |||
|
52 | project_id: 3 | |||
|
53 | id: 13 | |||
|
54 | enabled_modules_014: | |||
|
55 | name: issue_tracking | |||
|
56 | project_id: 5 | |||
|
57 | id: 14 | |||
46 | No newline at end of file |
|
58 |
@@ -62,6 +62,17 class IssuesControllerTest < Test::Unit::TestCase | |||||
62 | assert_no_tag :tag => 'a', :content => /Issue of a private subproject/ |
|
62 | assert_no_tag :tag => 'a', :content => /Issue of a private subproject/ | |
63 | assert_no_tag :tag => 'a', :content => /Issue on project 2/ |
|
63 | assert_no_tag :tag => 'a', :content => /Issue on project 2/ | |
64 | end |
|
64 | end | |
|
65 | ||||
|
66 | def test_index_should_not_list_issues_when_module_disabled | |||
|
67 | EnabledModule.delete_all("name = 'issue_tracking' AND project_id = 1") | |||
|
68 | get :index | |||
|
69 | assert_response :success | |||
|
70 | assert_template 'index.rhtml' | |||
|
71 | assert_not_nil assigns(:issues) | |||
|
72 | assert_nil assigns(:project) | |||
|
73 | assert_no_tag :tag => 'a', :content => /Can't print recipes/ | |||
|
74 | assert_tag :tag => 'a', :content => /Subproject issue/ | |||
|
75 | end | |||
65 |
|
76 | |||
66 | def test_index_with_project |
|
77 | def test_index_with_project | |
67 | Setting.display_subprojects_issues = 0 |
|
78 | Setting.display_subprojects_issues = 0 |