jro_apps/redmine Commit - r3124:62c83bdd2e1b

Adds a 'Add subprojects' permission....

Jean-Philippe Lang -

r3124:62c83bdd2e1b

parent child

Context file:

r3124:62c83bdd2e1b

Expand all files

app/controllers/projects_controller.rb +18 -3

                   @project.enabled_module_names = Setting.default_projects_modules
                 else
                   @project.enabled_module_names = params[:enabled_modules]
-                  if @project.save
+                  if validate_parent_id && @project.save
                     @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
                     # Add current user as a project member if he is not admin
                     unless User.current.admin?
                 else
                   @project = Project.new(params[:project])
                   @project.enabled_module_names = params[:enabled_modules]
-                  if @project.copy(@source_project, :only => params[:only])
+                  if validate_parent_id && @project.copy(@source_project, :only => params[:only])
                     @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
                     flash[:notice] = l(:notice_successful_create)
                     redirect_to :controller => 'admin', :action => 'projects'
               def edit
                 if request.post?
                   @project.attributes = params[:project]
-                  if @project.save
+                  if validate_parent_id && @project.save
                     @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
                     flash[:notice] = l(:notice_successful_update)
                     redirect_to :action => 'settings', :id => @project
                   @selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
                 end
               end
+              # Validates parent_id param according to user's permissions
+              # TODO: move it to Project model in a validation that depends on User.current
+              def validate_parent_id
+                return true if User.current.admin?
+                parent_id = params[:project] && params[:project][:parent_id]
+                if parent_id || @project.new_record?
+                  parent = parent_id.blank? ? nil : Project.find_by_id(parent_id.to_i)
+                  unless @project.allowed_parents.include?(parent)
+                    @project.errors.add :parent_id, :invalid
+                    return false
+                  end
+                end
+                true
+              end
             end

app/helpers/projects_helper.rb +10 -1

@@ -36,7 +36,16 module ProjectsHelper
36	end	36	end
37		37
38	def parent_project_select_tag(project)	38	def parent_project_select_tag(project)
39	options = '<option></option>' + project_tree_options_for_select(project.allowed_parents, :selected => project.parent)	39	selected = project.parent
		40	# retrieve the requested parent project
		41	parent_id = (params[:project] && params[:project][:parent_id]) \|\| params[:parent_id]
		42	if parent_id
		43	selected = (parent_id.blank? ? nil : Project.find(parent_id))
		44	end
		45
		46	options = ''
		47	options << "<option value=''></option>" if project.allowed_parents.include?(nil)
		48	options << project_tree_options_for_select(project.allowed_parents.compact, :selected => selected)
40	content_tag('select', options, :name => 'project[parent_id]')	49	content_tag('select', options, :name => 'project[parent_id]')
41	end	50	end
42		51

app/models/project.rb +5 -1

               # by the current user
               def allowed_parents
                 return @allowed_parents if @allowed_parents
-                @allowed_parents = (Project.find(:all, :conditions => Project.allowed_to_condition(User.current, :add_project, :member => true)) - self_and_descendants)
+                @allowed_parents = Project.find(:all, :conditions => Project.allowed_to_condition(User.current, :add_subprojects))
+                @allowed_parents = @allowed_parents - self_and_descendants
+                if User.current.allowed_to?(:add_project, nil, :global => true)
+                  @allowed_parents << nil
+                end
                 unless parent.nil? || @allowed_parents.empty? || @allowed_parents.include?(parent)
                   @allowed_parents << parent
                 end

app/views/projects/_form.rhtml +1 -1

             <!--[form:project]-->
             <p><%= f.text_field :name, :required => true %><br /><em><%= l(:text_caracters_maximum, 30) %></em></p>
-            <% unless @project.allowed_parents.empty? %>
+            <% unless @project.allowed_parents.compact.empty? %>
                 <p><label><%= l(:field_parent) %></label><%= parent_project_select_tag(@project) %></p>
             <% end %>

app/views/projects/show.rhtml +6 0

@@ -1,3 +1,9
		1	<div class="contextual">
		2	<% if User.current.allowed_to?(:add_subprojects, @project) %>
		3	<%= link_to l(:label_subproject_new), {:controller => 'projects', :action => 'add', :parent_id => @project}, :class => 'icon icon-add' %>
		4	<% end %>
		5	</div>
		6
1	<h2><%=l(:label_overview)%></h2>	7	<h2><%=l(:label_overview)%></h2>
2		8
3	<div class="splitcontentleft">	9	<div class="splitcontentleft">

config/locales/bg.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/bs.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/ca.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/cs.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/da.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/de.yml +2 0

               label_missing_api_access_key: Missing an API access key
               label_missing_feeds_access_key: Missing a RSS access key
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/el.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/en.yml +2 0

               setting_rest_api_enabled: Enable REST web service
               permission_add_project: Create project
+              permission_add_subprojects: Create subprojects
               permission_edit_project: Edit project
               permission_select_project_modules: Select project modules
               permission_manage_members: Manage members
               label_auth_source_new: New authentication mode
               label_auth_source_plural: Authentication modes
               label_subproject_plural: Subprojects
+              label_subproject_new: New subproject
               label_and_its_subprojects: "{{value}} and its subprojects"
               label_min_max_length: Min - Max length
               label_list: List

config/locales/es.yml +2 0

               button_show: Mostrar
               text_line_separated: Múltiples valores permitidos (un valor en cada línea).
               setting_mail_handler_body_delimiters: Truncar correos tras una de estas líneas
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/fi.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/fr.yml +2 0

               setting_rest_api_enabled: Activer l'API REST
               permission_add_project: Créer un projet
+              permission_add_subprojects: Créer des sous-projets
               permission_edit_project: Modifier le projet
               permission_select_project_modules: Choisir les modules
               permission_manage_members: Gérer les members
               label_auth_source_new: Nouveau mode d'authentification
               label_auth_source_plural: Modes d'authentification
               label_subproject_plural: Sous-projets
+              label_subproject_new: Nouveau sous-projet
               label_and_its_subprojects: "{{value}} et ses sous-projets"
               label_min_max_length: Longueurs mini - maxi
               label_list: Liste

config/locales/gl.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/he.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/hu.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/id.yml +2 0

               error_workflow_copy_source: Please select a source tracker or role
               setting_start_of_week: Start calendars on
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/it.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/ja.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/ko.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/lt.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/nl.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/no.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/pl.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/pt-BR.yml +2 0

               label_missing_feeds_access_key: Chave de acesso ao RSS faltando
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/pt.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/ro.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/ru.yml +2 0

               label_missing_api_access_key: Missing an API access key
               label_missing_feeds_access_key: Missing a RSS access key
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/sk.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/sl.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/sr.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/sv.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/th.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/tr.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/uk.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/vi.yml +2 0

               button_show: Show
               text_line_separated: Multiple values allowed (one line for each value).
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/zh-TW.yml +2 0

               enumeration_doc_categories: 文件分類
               enumeration_activities: 活動 (時間追蹤)
               enumeration_system_activity: 系統活動
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

config/locales/zh.yml +2 0

               label_missing_api_access_key: Missing an API access key
               label_missing_feeds_access_key: Missing a RSS access key
               setting_mail_handler_body_delimiters: Truncate emails after one of these lines
+              permission_add_subprojects: Create subprojects
+              label_subproject_new: New subproject

lib/redmine.rb +1 0

               map.permission :select_project_modules, {:projects => :modules}, :require => :member
               map.permission :manage_members, {:projects => :settings, :members => [:new, :edit, :destroy, :autocomplete_for_member]}, :require => :member
               map.permission :manage_versions, {:projects => [:settings, :add_version], :versions => [:edit, :close_completed, :destroy]}, :require => :member
+              map.permission :add_subprojects, {:projects => :add}, :require => :member
               map.project_module :issue_tracking do |map|
                 # Issue categories

test/functional/projects_controller_test.rb +155 -63

@@ -89,71 +89,163 class ProjectsControllerTest < ActionController::TestCase
89	)	89	)
90	end	90	end
91		91
92	def test_get_add	92	context "#add" do
93	@request.session[:user_id] = 1	93	context "by admin user" do
94	~~get~~ ~~:add~~	94	setup do
95	assert_response :success	95	@request.session[:user_id] = 1
96	assert_template 'add'	96	end
97	end	97
98		98	should "accept get" do
99	def test_get_add_by_non_admin	99	get :add
100	@request.session[:user_id] = 2	100	assert_response :success
101	get :add	101	assert_template 'add'
102	assert_response :success	102	end
103	assert_template 'add'	103
104	end	104	should "accept post" do
105		105	post :add, :project => { :name => "blog",
106	def test_post_add	106	:description => "weblog",
107	@request.session[:user_id] = 1	107	:identifier => "blog",
108	post :add, :project => { :name => "blog",	108	:is_public => 1,
109	:description => "weblog",	109	:custom_field_values => { '3' => 'Beta' }
110	~~:identifier~~ => ~~"blog"~~,	110	}
111	:is_public => 1,	111	assert_redirected_to '/projects/blog/settings'
112	:custom_field_values => { '3' => 'Beta' }	112
113	}	113	project = Project.find_by_name('blog')
114	assert_redirected_to '/projects/blog/settings'	114	assert_kind_of Project, project
115		115	assert_equal 'weblog', project.description
116	project = Project.find_by_name('blog')	116	assert_equal true, project.is_public?
117	assert_kind_of Project, project	117	assert_nil project.parent
118	assert_equal 'weblog', project.description	118	end
119	assert_equal true, project.is_public?	119
120	assert_nil project.parent	120	should "accept post with parent" do
121	end	121	post :add, :project => { :name => "blog",
122		122	:description => "weblog",
123	def test_post_add_subproject	123	:identifier => "blog",
124	@request.session[:user_id] = 1	124	:is_public => 1,
125	post :add, :project => { :name => "blog",	125	:custom_field_values => { '3' => 'Beta' },
126	~~:description~~ => ~~"weblog"~~,	126	:parent_id => 1
127	~~:identifier~~ => ~~"blog"~~,	127	}
128	:is_public => 1,	128	assert_redirected_to '/projects/blog/settings'
129	:custom_field_values => { '3' => 'Beta' },	129
130	:parent_id => 1	130	project = Project.find_by_name('blog')
131	}	131	assert_kind_of Project, project
132	assert_redirected_to '/projects/blog/settings'	132	assert_equal Project.find(1), project.parent
133		133	end
134	project = Project.find_by_name('blog')	134	end
135	assert_kind_of Project, project
136	assert_equal Project.find(1), project.parent
137	end
138
139	def test_post_add_by_non_admin
140	@request.session[:user_id] = 2
141	post :add, :project => { :name => "blog",
142	:description => "weblog",
143	:identifier => "blog",
144	:is_public => 1,
145	:custom_field_values => { '3' => 'Beta' }
146	}
147	assert_redirected_to '/projects/blog/settings'
148		135
149	project = Project.find_by_name('blog')	136	context "by non-admin user with add_project permission" do
150	assert_kind_of Project, project	137	setup do
151	assert_equal 'weblog', project.description	138	Role.non_member.add_permission! :add_project
152	assert_equal true, project.is_public?	139	@request.session[:user_id] = 9
		140	end
		141
		142	should "accept get" do
		143	get :add
		144	assert_response :success
		145	assert_template 'add'
		146	assert_no_tag :select, :attributes => {:name => 'project[parent_id]'}
		147	end
		148
		149	should "accept post" do
		150	post :add, :project => { :name => "blog",
		151	:description => "weblog",
		152	:identifier => "blog",
		153	:is_public => 1,
		154	:custom_field_values => { '3' => 'Beta' }
		155	}
		156
		157	assert_redirected_to '/projects/blog/settings'
		158
		159	project = Project.find_by_name('blog')
		160	assert_kind_of Project, project
		161	assert_equal 'weblog', project.description
		162	assert_equal true, project.is_public?
		163
		164	# User should be added as a project member
		165	assert User.find(9).member_of?(project)
		166	assert_equal 1, project.members.size
		167	end
		168
		169	should "fail with parent_id" do
		170	assert_no_difference 'Project.count' do
		171	post :add, :project => { :name => "blog",
		172	:description => "weblog",
		173	:identifier => "blog",
		174	:is_public => 1,
		175	:custom_field_values => { '3' => 'Beta' },
		176	:parent_id => 1
		177	}
		178	end
		179	assert_response :success
		180	project = assigns(:project)
		181	assert_kind_of Project, project
		182	assert_not_nil project.errors.on(:parent_id)
		183	end
		184	end
153		185
154	# User should be added as a project member	186	context "by non-admin user with add_subprojects permission" do
155	assert User.find(2).member_of?(project)	187	setup do
156	assert_equal 1, project.members.size	188	Role.find(1).remove_permission! :add_project
		189	Role.find(1).add_permission! :add_subprojects
		190	@request.session[:user_id] = 2
		191	end
		192
		193	should "accept get" do
		194	get :add, :parent_id => 'ecookbook'
		195	assert_response :success
		196	assert_template 'add'
		197	# parent project selected
		198	assert_tag :select, :attributes => {:name => 'project[parent_id]'},
		199	:child => {:tag => 'option', :attributes => {:value => '1', :selected => 'selected'}}
		200	# no empty value
		201	assert_no_tag :select, :attributes => {:name => 'project[parent_id]'},
		202	:child => {:tag => 'option', :attributes => {:value => ''}}
		203	end
		204
		205	should "accept post with parent_id" do
		206	post :add, :project => { :name => "blog",
		207	:description => "weblog",
		208	:identifier => "blog",
		209	:is_public => 1,
		210	:custom_field_values => { '3' => 'Beta' },
		211	:parent_id => 1
		212	}
		213	assert_redirected_to '/projects/blog/settings'
		214	project = Project.find_by_name('blog')
		215	end
		216
		217	should "fail without parent_id" do
		218	assert_no_difference 'Project.count' do
		219	post :add, :project => { :name => "blog",
		220	:description => "weblog",
		221	:identifier => "blog",
		222	:is_public => 1,
		223	:custom_field_values => { '3' => 'Beta' }
		224	}
		225	end
		226	assert_response :success
		227	project = assigns(:project)
		228	assert_kind_of Project, project
		229	assert_not_nil project.errors.on(:parent_id)
		230	end
		231
		232	should "fail with unauthorized parent_id" do
		233	assert !User.find(2).member_of?(Project.find(6))
		234	assert_no_difference 'Project.count' do
		235	post :add, :project => { :name => "blog",
		236	:description => "weblog",
		237	:identifier => "blog",
		238	:is_public => 1,
		239	:custom_field_values => { '3' => 'Beta' },
		240	:parent_id => 6
		241	}
		242	end
		243	assert_response :success
		244	project = assigns(:project)
		245	assert_kind_of Project, project
		246	assert_not_nil project.errors.on(:parent_id)
		247	end
		248	end
157	end	249	end
158		250
159	def test_show_routing	251	def test_show_routing

test/unit/project_test.rb +1 -1

                 user = User.find(9)
                 assert user.memberships.empty?
                 User.current = user
-                assert Project.new.allowed_parents.empty?
+                assert Project.new.allowed_parents.compact.empty?
               end
               def test_users_by_role

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages