@@ -19,7 +19,7 class QueriesController < ApplicationController | |||
|
19 | 19 | layout 'base' |
|
20 | 20 | menu_item :issues |
|
21 | 21 | before_filter :find_query, :except => :new |
|
22 |
before_filter :find_project |
|
|
22 | before_filter :find_optional_project, :only => :new | |
|
23 | 23 | |
|
24 | 24 | def new |
|
25 | 25 | @query = Query.new(params[:query]) |
@@ -72,8 +72,9 private | |||
|
72 | 72 | render_404 |
|
73 | 73 | end |
|
74 | 74 | |
|
75 | def find_project | |
|
76 | @project = Project.find(params[:project_id]) | |
|
75 | def find_optional_project | |
|
76 | @project = Project.find(params[:project_id]) if params[:project_id] | |
|
77 | User.current.allowed_to?(:save_queries, @project, :global => true) | |
|
77 | 78 | rescue ActiveRecord::RecordNotFound |
|
78 | 79 | render_404 |
|
79 | 80 | end |
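Review bot: The authorization check added on line 77 of `find_optional_project` only produces a return value; nothing renders or redirects when `allowed_to?` is false. Whether a false return from a `before_filter` halts the chain depends on the Rails version this runs on; where it does, the client gets an empty response, and where it does not, a user lacking `:save_queries` reaches `new` regardless. Make the denial explicit, e.g. `render_403 unless User.current.allowed_to?(:save_queries, @project, :global => true)`, assuming ApplicationController provides a 403 helper next to the `render_404` used on the rescue branch. The enclosing `private` section continues beyond the hunk.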
@@ -222,17 +222,26 class User < ActiveRecord::Base | |||
|
222 | 222 | # action can be: |
|
223 | 223 | # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') |
|
224 | 224 | # * a permission Symbol (eg. :edit_project) |
|
225 | def allowed_to?(action, project) | |
|
226 | # No action allowed on archived projects | |
|
227 | return false unless project.active? | |
|
228 | # No action allowed on disabled modules | |
|
229 | return false unless project.allows_to?(action) | |
|
230 | # Admin users are authorized for anything else | |
|
231 | return true if admin? | |
|
232 | ||
|
233 | role = role_for_project(project) | |
|
234 | return false unless role | |
|
235 | role.allowed_to?(action) && (project.is_public? || role.member?) | |
|
225 | def allowed_to?(action, project, options={}) | |
|
226 | if project | |
|
227 | # No action allowed on archived projects | |
|
228 | return false unless project.active? | |
|
229 | # No action allowed on disabled modules | |
|
230 | return false unless project.allows_to?(action) | |
|
231 | # Admin users are authorized for anything else | |
|
232 | return true if admin? | |
|
233 | ||
|
234 | role = role_for_project(project) | |
|
235 | return false unless role | |
|
236 | role.allowed_to?(action) && (project.is_public? || role.member?) | |
|
237 | ||
|
238 | elsif options[:global] | |
|
239 | # authorize if user has at least one role that has this permission | |
|
240 | roles = memberships.collect {|m| m.role}.uniq | |
|
241 | roles.detect {|r| r.allowed_to?(action)} | |
|
242 | else | |
|
243 | false | |
|
244 | end | |
|
236 | 245 | end |
|
237 | 246 | |
|
238 | 247 | def self.current=(user) |
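Review bot: The `:global` branch of `allowed_to?` (lines 238-241) never consults `admin?`, so an administrator with no memberships is denied a global permission that the project branch grants unconditionally; adding `return true if admin?` as the first line of the `elsif options[:global]` branch keeps the two paths consistent without touching the project-level checks. That branch also returns the matching `Role` object from `detect` rather than a boolean, which works for truthiness but is worth knowing for callers of a `?` method. The header comment on lines 222-224 should also document the new argument, e.g. `# options[:global] => true: when project is nil, authorize if any of the user's roles grants the permission`.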
@@ -1,6 +1,6 | |||
|
1 | <% if @project %> | |
|
2 | 1 |
|
|
3 | 2 | <%= link_to l(:label_issue_view_all), { :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1 } %><br /> |
|
3 | <% if @project %> | |
|
4 | 4 | <%= link_to l(:field_summary), :controller => 'reports', :action => 'issue_report', :id => @project %><br /> |
|
5 | 5 | <%= link_to l(:label_change_log), :controller => 'projects', :action => 'changelog', :id => @project %> |
|
6 | 6 | <% end %> |
@@ -18,7 +18,7 | |||
|
18 | 18 | :update => "content", |
|
19 | 19 | }, :class => 'icon icon-reload' %> |
|
20 | 20 | |
|
21 |
<% if |
|
|
21 | <% if User.current.allowed_to?(:save_queries, @project, :global => true) %> | |
|
22 | 22 | <%= link_to l(:button_save), {}, :onclick => "$('query_form').submit(); return false;", :class => 'icon icon-save' %> |
|
23 | 23 | <% end %> |
|
24 | 24 | </p> |
@@ -31,7 +31,7 class QueriesControllerTest < Test::Unit::TestCase | |||
|
31 | 31 | User.current = nil |
|
32 | 32 | end |
|
33 | 33 | |
|
34 | def test_get_new | |
|
34 | def test_get_new_project_query | |
|
35 | 35 | @request.session[:user_id] = 2 |
|
36 | 36 | get :new, :project_id => 1 |
|
37 | 37 | assert_response :success |
@@ -45,6 +45,19 class QueriesControllerTest < Test::Unit::TestCase | |||
|
45 | 45 | :disabled => nil } |
|
46 | 46 | end |
|
47 | 47 | |
|
48 | def test_get_new_global_query | |
|
49 | @request.session[:user_id] = 2 | |
|
50 | get :new | |
|
51 | assert_response :success | |
|
52 | assert_template 'new' | |
|
53 | assert_no_tag :tag => 'input', :attributes => { :type => 'checkbox', | |
|
54 | :name => 'query[is_public]' } | |
|
55 | assert_tag :tag => 'input', :attributes => { :type => 'checkbox', | |
|
56 | :name => 'query_is_for_all', | |
|
57 | :checked => 'checked', | |
|
58 | :disabled => nil } | |
|
59 | end | |
|
60 | ||
|
48 | 61 | def test_new_project_public_query |
|
49 | 62 | @request.session[:user_id] = 2 |
|
50 | 63 | post :new, |
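Review bot: `test_get_new_global_query` covers only the positive path (user 2 presumably holds `:save_queries` through some membership); there is no test that `get :new` without `:project_id` is refused for a user who has no role granting it, so the check added in `find_optional_project` can regress silently. Add a companion test that logs in a user without the permission, issues `get :new` with no project and asserts the denial status the controller is meant to return.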
@@ -54,8 +67,7 class QueriesControllerTest < Test::Unit::TestCase | |||
|
54 | 67 | :fields => ["status_id", "assigned_to_id"], |
|
55 | 68 | :operators => {"assigned_to_id" => "=", "status_id" => "o"}, |
|
56 | 69 | :values => { "assigned_to_id" => ["1"], "status_id" => ["1"]}, |
|
57 |
:query => {"name" => "test_new_project_public_query", "is_public" => "1"} |
|
|
58 | :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] | |
|
70 | :query => {"name" => "test_new_project_public_query", "is_public" => "1"} | |
|
59 | 71 | |
|
60 | 72 | q = Query.find_by_name('test_new_project_public_query') |
|
61 | 73 | assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q |
@@ -73,8 +85,7 class QueriesControllerTest < Test::Unit::TestCase | |||
|
73 | 85 | :fields => ["status_id", "assigned_to_id"], |
|
74 | 86 | :operators => {"assigned_to_id" => "=", "status_id" => "o"}, |
|
75 | 87 | :values => { "assigned_to_id" => ["1"], "status_id" => ["1"]}, |
|
76 |
:query => {"name" => "test_new_project_private_query", "is_public" => "1"} |
|
|
77 | :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] | |
|
88 | :query => {"name" => "test_new_project_private_query", "is_public" => "1"} | |
|
78 | 89 | |
|
79 | 90 | q = Query.find_by_name('test_new_project_private_query') |
|
80 | 91 | assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q |
@@ -83,6 +94,23 class QueriesControllerTest < Test::Unit::TestCase | |||
|
83 | 94 | assert q.valid? |
|
84 | 95 | end |
|
85 | 96 | |
|
97 | def test_new_global_private_query_with_custom_columns | |
|
98 | @request.session[:user_id] = 3 | |
|
99 | post :new, | |
|
100 | :confirm => '1', | |
|
101 | :fields => ["status_id", "assigned_to_id"], | |
|
102 | :operators => {"assigned_to_id" => "=", "status_id" => "o"}, | |
|
103 | :values => { "assigned_to_id" => ["me"], "status_id" => ["1"]}, | |
|
104 | :query => {"name" => "test_new_global_private_query", "is_public" => "1", "column_names" => ["", "tracker", "subject", "priority", "category"]} | |
|
105 | ||
|
106 | q = Query.find_by_name('test_new_global_private_query') | |
|
107 | assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q | |
|
108 | assert !q.is_public? | |
|
109 | assert !q.has_default_columns? | |
|
110 | assert_equal [:tracker, :subject, :priority, :category], q.columns.collect {|c| c.name} | |
|
111 | assert q.valid? | |
|
112 | end | |
|
113 | ||
|
86 | 114 | def test_get_edit_global_public_query |
|
87 | 115 | @request.session[:user_id] = 1 |
|
88 | 116 | get :edit, :id => 4 |
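Review bot: `test_new_global_private_query_with_custom_columns` posts `"is_public" => "1"` yet asserts `!q.is_public?`, relying on the controller to discard the flag for user 3; a reader cannot tell whether that is the intended contract or a fixture accident. A one-line comment above the `post`, e.g. `# user 3 cannot create public queries: is_public is expected to be ignored`, would make the expectation explicit, and a direct assertion that user 3 lacks the relevant permission would pin it.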
@@ -106,8 +134,7 class QueriesControllerTest < Test::Unit::TestCase | |||
|
106 | 134 | :fields => ["status_id", "assigned_to_id"], |
|
107 | 135 | :operators => {"assigned_to_id" => "=", "status_id" => "o"}, |
|
108 | 136 | :values => { "assigned_to_id" => ["1"], "status_id" => ["1"]}, |
|
109 |
:query => {"name" => "test_edit_global_public_query", "is_public" => "1"} |
|
|
110 | :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] | |
|
137 | :query => {"name" => "test_edit_global_public_query", "is_public" => "1"} | |
|
111 | 138 | |
|
112 | 139 | assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 4 |
|
113 | 140 | q = Query.find_by_name('test_edit_global_public_query') |
@@ -138,8 +165,7 class QueriesControllerTest < Test::Unit::TestCase | |||
|
138 | 165 | :fields => ["status_id", "assigned_to_id"], |
|
139 | 166 | :operators => {"assigned_to_id" => "=", "status_id" => "o"}, |
|
140 | 167 | :values => { "assigned_to_id" => ["me"], "status_id" => ["1"]}, |
|
141 |
:query => {"name" => "test_edit_global_private_query", "is_public" => "1"} |
|
|
142 | :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] | |
|
168 | :query => {"name" => "test_edit_global_private_query", "is_public" => "1"} | |
|
143 | 169 | |
|
144 | 170 | assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 3 |
|
145 | 171 | q = Query.find_by_name('test_edit_global_private_query') |