| @@ -283,14 +283,7 class IssuesController < ApplicationController | |||
|
|
283 | 283 | |
|
|
284 | 284 | def move |
|
|
285 | 285 | @copy = params[:copy_options] && params[:copy_options][:copy] |
|
|
286 | @allowed_projects = [] | |
|
|
287 | # find projects to which the user is allowed to move the issue | |
|
|
288 | if User.current.admin? | |
|
|
289 | # admin is allowed to move issues to any active (visible) project | |
|
|
290 | @allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current)) | |
|
|
291 | else | |
|
|
292 | User.current.memberships.each {|m| @allowed_projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}} | |
|
|
293 | end | |
|
|
286 | @allowed_projects = Issue.allowed_target_projects_on_move | |
|
|
294 | 287 | @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id] |
|
|
295 | 288 | @target_project ||= @project |
|
|
296 | 289 | @trackers = @target_project.trackers |
| @@ -389,6 +389,22 class Issue < ActiveRecord::Base | |||
|
|
389 | 389 | Issue.update_versions(["#{Version.table_name}.project_id IN (?) OR #{Issue.table_name}.project_id IN (?)", moved_project_ids, moved_project_ids]) |
|
|
390 | 390 | end |
|
|
391 | 391 | |
|
|
392 | # Returns an array of projects that current user can move issues to | |
|
|
393 | def self.allowed_target_projects_on_move | |
|
|
394 | projects = [] | |
|
|
395 | if User.current.admin? | |
|
|
396 | # admin is allowed to move issues to any active (visible) project | |
|
|
397 | projects = Project.visible.all | |
|
|
398 | elsif User.current.logged? | |
|
|
399 | if Role.non_member.allowed_to?(:move_issues) | |
|
|
400 | projects = Project.visible.all | |
|
|
401 | else | |
|
|
402 | User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}} | |
|
|
403 | end | |
|
|
404 | end | |
|
|
405 | projects | |
|
|
406 | end | |
|
|
407 | ||
|
|
392 | 408 | private |
|
|
393 | 409 | |
|
|
394 | 410 | # Update issues so their versions are not pointing to a |
| @@ -599,4 +599,20 class IssueTest < ActiveSupport::TestCase | |||
|
|
599 | 599 | end |
|
|
600 | 600 | end |
|
|
601 | 601 | end |
|
|
602 | ||
|
|
603 | context ".allowed_target_projects_on_move" do | |
|
|
604 | should "return all active projects for admin users" do | |
|
|
605 | User.current = User.find(1) | |
|
|
606 | assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size | |
|
|
607 | end | |
|
|
608 | ||
|
|
609 | should "return allowed projects for non admin users" do | |
|
|
610 | User.current = User.find(2) | |
|
|
611 | Role.non_member.remove_permission! :move_issues | |
|
|
612 | assert_equal 3, Issue.allowed_target_projects_on_move.size | |
|
|
613 | ||
|
|
614 | Role.non_member.add_permission! :move_issues | |
|
|
615 | assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size | |
|
|
616 | end | |
|
|
617 | end | |
|
|
602 | 618 | end |
General Comments 0
You need to be logged in to leave comments.
Login now