jro_apps/redmine Commit - r13603:c3c7d9a4d27b

Adds a :copy_issues permission (#18855)....

Jean-Philippe Lang -

r13603:c3c7d9a4d27b

parent child

Context file:

r13603:c3c7d9a4d27b

Collapse all files

app/controllers/context_menus_controller.rb +1 -1

                 @can = {:edit => User.current.allowed_to?(:edit_issues, @projects),
                         :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
-                        :copy => User.current.allowed_to?(:add_issues, @projects),
+                        :copy => User.current.allowed_to?(:copy_issues, @projects) && Issue.allowed_target_projects.any?,
                         :delete => User.current.allowed_to?(:delete_issues, @projects)
                         }
                 if @project

app/controllers/issues_controller.rb +25 0

               end
               def create
+                unless User.current.allowed_to?(:add_issues, @issue.project)
+                  raise ::Unauthorized
+                end
                 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
                 @issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads]))
                 if @issue.save
                 @copy = params[:copy].present?
                 @notes = params[:notes]
+                if @copy
+                  unless User.current.allowed_to?(:copy_issues, @projects)
+                    raise ::Unauthorized
+                  end
+                end
                 @allowed_projects = Issue.allowed_target_projects
                 if params[:issue]
                   @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:issue][:project_id].to_s}
                 @copy = params[:copy].present?
                 attributes = parse_params_for_bulk_issue_attributes(params)
+                if @copy
+                  unless User.current.allowed_to?(:copy_issues, @projects)
+                    raise ::Unauthorized
+                  end
+                  target_projects = @projects
+                  if attributes['project_id'].present?
+                    target_projects = Project.where(:id => attributes['project_id']).to_a
+                  end
+                  unless User.current.allowed_to?(:add_issues, target_projects)
+                    raise ::Unauthorized
+                  end
+                end
                 unsaved_issues = []
                 saved_issues = []
                     begin
                       @issue.init_journal(User.current)
                       @copy_from = Issue.visible.find(params[:copy_from])
+                      unless User.current.allowed_to?(:copy_issues, @copy_from.project)
+                        raise ::Unauthorized
+                      end
                       @link_copy = link_copy?(params[:link_copy]) || request.get?
                       @copy_attachments = params[:copy_attachments].present? || request.get?
                       @copy_subtasks = params[:copy_subtasks].present? || request.get?

app/helpers/application_helper.rb +5 -2

               def project_tree_options_for_select(projects, options = {})
                 s = ''.html_safe
-                if options[:include_blank]
+                if blank_text = options[:include_blank]
-                  s << content_tag('option', '&nbsp;'.html_safe, :value => '')
+                  if blank_text == true
+                    blank_text = '&nbsp;'.html_safe
+                  end
+                  s << content_tag('option', blank_text, :value => '')
                 end
                 project_tree(projects) do |project, level|
                   name_prefix = (level > 0 ? '&nbsp;' * 2 * level + '&#187; ' : '').html_safe

app/models/issue.rb +3 0

                 names = super
                 names -= disabled_core_fields
                 names -= read_only_attribute_names(user)
+                if new_record? && copy?
+                  names |= %w(project_id)
+                end
                 names
               end

app/views/issues/_action_menu.html.erb +1 -1

             <%= link_to l(:button_edit), edit_issue_path(@issue), :onclick => 'showAndScrollTo("update", "issue_notes"); return false;', :class => 'icon icon-edit', :accesskey => accesskey(:edit) if @issue.editable? %>
             <%= link_to l(:button_log_time), new_issue_time_entry_path(@issue), :class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project) %>
             <%= watcher_link(@issue, User.current) %>
-            <%= link_to l(:button_copy), project_copy_issue_path(@project, @issue), :class => 'icon icon-copy' if User.current.allowed_to?(:add_issues, @project) %>
+            <%= link_to l(:button_copy), project_copy_issue_path(@project, @issue), :class => 'icon icon-copy' if User.current.allowed_to?(:copy_issues, @project) && Issue.allowed_target_projects.any? %>
             <%= link_to l(:button_delete), issue_path(@issue), :data => {:confirm => issues_destroy_confirmation_message(@issue)}, :method => :delete, :class => 'icon icon-del' if User.current.allowed_to?(:delete_issues, @project) %>
             </div>

app/views/issues/bulk_edit.html.erb +3 -2

             <p>
               <label for="issue_project_id"><%= l(:field_project) %></label>
               <%= select_tag('issue[project_id]',
-                             content_tag('option', l(:label_no_change_option), :value => '') +
+                             project_tree_options_for_select(@allowed_projects,
-                               project_tree_options_for_select(@allowed_projects, :selected => @target_project),
+                               :include_blank => ((!@copy || (@projects & @allowed_projects == @projects)) ? l(:label_no_change_option) : false),
+                               :selected => @target_project),
                              :onchange => "updateBulkEditFrom('#{escape_javascript url_for(:action => 'bulk_edit', :format => 'js')}')") %>
             </p>
             <% end %>

config/locales/en.yml +1 0

               permission_view_issues: View Issues
               permission_add_issues: Add issues
               permission_edit_issues: Edit issues
+              permission_copy_issues: Copy issues
               permission_manage_issue_relations: Manage issue relations
               permission_set_issues_private: Set issues public or private
               permission_set_own_issues_private: Set own issues public or private

config/locales/fr.yml +1 0

               permission_view_issues: Voir les demandes
               permission_add_issues: Créer des demandes
               permission_edit_issues: Modifier les demandes
+              permission_copy_issues: Copier les demandes
               permission_manage_issue_relations: Gérer les relations
               permission_set_issues_private: Rendre les demandes publiques ou privées
               permission_set_own_issues_private: Rendre ses propres demandes publiques ou privées

lib/redmine.rb +1 0

                                               :read => true
                 map.permission :add_issues, {:issues => [:new, :create, :update_form], :attachments => :upload}
                 map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update, :update_form], :journals => [:new], :attachments => :upload}
+                map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update, :update_form], :attachments => :upload}
                 map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
                 map.permission :manage_subtasks, {}
                 map.permission :set_issues_private, {}

test/fixtures/roles.yml +2 0

                 - :view_issues
                 - :add_issues
                 - :edit_issues
+                - :copy_issues
                 - :manage_issue_relations
                 - :manage_subtasks
                 - :add_issue_notes
                 - :view_issues
                 - :add_issues
                 - :edit_issues
+                - :copy_issues
                 - :manage_issue_relations
                 - :manage_subtasks
                 - :add_issue_notes

test/functional/issues_controller_test.rb +66 0

@@ -2473,6 +2473,20 class IssuesControllerTest < ActionController::TestCase
2473	assert_select '#main-menu a.new-issue[href="/projects/ecookbook/issues/new"]'	2473	assert_select '#main-menu a.new-issue[href="/projects/ecookbook/issues/new"]'
2474	end	2474	end
2475		2475
		2476	def test_new_as_copy_without_add_issues_permission_should_not_propose_current_project_as_target
		2477	user = setup_user_with_copy_but_not_add_permission
		2478
		2479	@request.session[:user_id] = user.id
		2480	get :new, :project_id => 1, :copy_from => 1
		2481
		2482	assert_response :success
		2483	assert_template 'new'
		2484	assert_select 'select[name=?]', 'issue[project_id]' do
		2485	assert_select 'option[value="1"]', 0
		2486	assert_select 'option[value="2"]', :text => 'OnlineStore'
		2487	end
		2488	end
		2489
2476	def test_new_as_copy_with_attachments_should_show_copy_attachments_checkbox	2490	def test_new_as_copy_with_attachments_should_show_copy_attachments_checkbox
2477	@request.session[:user_id] = 2	2491	@request.session[:user_id] = 2
2478	issue = Issue.find(3)	2492	issue = Issue.find(3)
@@ -3770,9 +3784,26 class IssuesControllerTest < ActionController::TestCase
3770	assert_not_nil issues	3784	assert_not_nil issues
3771	assert_equal [1, 2, 3], issues.map(&:id).sort	3785	assert_equal [1, 2, 3], issues.map(&:id).sort
3772		3786
		3787	assert_select 'select[name=?]', 'issue[project_id]' do
		3788	assert_select 'option[value=""]'
		3789	end
3773	assert_select 'input[name=copy_attachments]'	3790	assert_select 'input[name=copy_attachments]'
3774	end	3791	end
3775		3792
		3793	def test_get_bulk_copy_without_add_issues_permission_should_not_propose_current_project_as_target
		3794	user = setup_user_with_copy_but_not_add_permission
		3795	@request.session[:user_id] = user.id
		3796
		3797	get :bulk_edit, :ids => [1, 2, 3], :copy => '1'
		3798	assert_response :success
		3799	assert_template 'bulk_edit'
		3800
		3801	assert_select 'select[name=?]', 'issue[project_id]' do
		3802	assert_select 'option[value=""]', 0
		3803	assert_select 'option[value="2"]'
		3804	end
		3805	end
		3806
3776	def test_bulk_copy_to_another_project	3807	def test_bulk_copy_to_another_project
3777	@request.session[:user_id] = 2	3808	@request.session[:user_id] = 2
3778	assert_difference 'Issue.count', 2 do	3809	assert_difference 'Issue.count', 2 do
@@ -3788,6 +3819,32 class IssuesControllerTest < ActionController::TestCase
3788	end	3819	end
3789	end	3820	end
3790		3821
		3822	def test_bulk_copy_without_add_issues_permission_should_be_allowed_on_project_with_permission
		3823	user = setup_user_with_copy_but_not_add_permission
		3824	@request.session[:user_id] = user.id
		3825
		3826	assert_difference 'Issue.count', 3 do
		3827	post :bulk_update, :ids => [1, 2, 3], :issue => {:project_id => '2'}, :copy => '1'
		3828	assert_response 302
		3829	end
		3830	end
		3831
		3832	def test_bulk_copy_on_same_project_without_add_issues_permission_should_be_denied
		3833	user = setup_user_with_copy_but_not_add_permission
		3834	@request.session[:user_id] = user.id
		3835
		3836	post :bulk_update, :ids => [1, 2, 3], :issue => {:project_id => ''}, :copy => '1'
		3837	assert_response 403
		3838	end
		3839
		3840	def test_bulk_copy_on_different_project_without_add_issues_permission_should_be_denied
		3841	user = setup_user_with_copy_but_not_add_permission
		3842	@request.session[:user_id] = user.id
		3843
		3844	post :bulk_update, :ids => [1, 2, 3], :issue => {:project_id => '1'}, :copy => '1'
		3845	assert_response 403
		3846	end
		3847
3791	def test_bulk_copy_should_allow_not_changing_the_issue_attributes	3848	def test_bulk_copy_should_allow_not_changing_the_issue_attributes
3792	@request.session[:user_id] = 2	3849	@request.session[:user_id] = 2
3793	issues = [	3850	issues = [
@@ -4079,4 +4136,13 class IssuesControllerTest < ActionController::TestCase
4079	assert_select 'input[name=issues][value="1"][type=hidden]'	4136	assert_select 'input[name=issues][value="1"][type=hidden]'
4080	end	4137	end
4081	end	4138	end
		4139
		4140	def setup_user_with_copy_but_not_add_permission
		4141	Role.all.each {\|r\| r.remove_permission! :add_issues}
		4142	Role.find_by_name('Manager').add_permission! :add_issues
		4143	user = User.generate!
		4144	User.add_to_project(user, Project.find(1), Role.find_by_name('Developer'))
		4145	User.add_to_project(user, Project.find(2), Role.find_by_name('Manager'))
		4146	user
		4147	end
4082	end	4148	end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages