04-parent_project_set_by_manager-0.4.0.patch

Vitaliy Ischenko, 2009-07-06 14:51

Download (3.31 KB)

View differences:

app/controllers/projects_controller.rb
75 75
    else
76 76
      @project.enabled_module_names = params[:enabled_modules]
77 77
      if @project.save
78
        @project.set_parent!(params[:project]['parent_id']) if User.current.admin? && params[:project].has_key?('parent_id')
78
        @project.set_parent!(params[:project]['parent_id']) if user_allowed_to_change_parent?(@project) && params[:project].has_key?('parent_id')
79 79
        # Add current user as a project member if he is not admin
80 80
        unless User.current.admin?
81 81
          r = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
......
155 155
    if request.post?
156 156
      @project.attributes = params[:project]
157 157
      if @project.save
158
        @project.set_parent!(params[:project]['parent_id']) if User.current.admin? && params[:project].has_key?('parent_id')
158
        @project.set_parent!(params[:project]['parent_id']) if user_allowed_to_change_parent?(@project) && params[:project].has_key?('parent_id')
159 159
        flash[:notice] = l(:notice_successful_update)
160 160
        redirect_to :action => 'settings', :id => @project
161 161
      else
app/helpers/projects_helper.rb
68 68
    end
69 69
    s
70 70
  end
71

  
72
  def user_allowed_to_change_parent?(project)
73
    if project.id == nil
74
      return User.current.allowed_to?(:add_project, nil, :global => true)
75
    end
76

  
77
    User.current.allowed_to?(:add_project, project) && (!project.parent || User.current.allowed_to?(:add_project, project.parent))
78
  end
71 79
end
app/models/project.rb
196 196
  
197 197
  # Returns an array of projects the project can be moved to
198 198
  def possible_parents
199
    @possible_parents ||= (Project.active.find(:all) - self_and_descendants)
199
    @possible_parents ||= (find_allowed_projects - self_and_descendants)
200 200
  end
201 201
  
202 202
  # Sets the parent of the project
......
404 404
  def allowed_actions
405 405
    @actions_allowed ||= allowed_permissions.inject([]) { |actions, permission| actions += Redmine::AccessControl.allowed_actions(permission) }.flatten
406 406
  end
407

  
408
  def find_allowed_projects
409
    Project.active.find(:all).find_all { |p| User.current.allowed_to?(:add_project, p) }
410
  end
407 411
end
app/views/projects/_form.rhtml
4 4
<!--[form:project]-->
5 5
<p><%= f.text_field :name, :required => true %><br /><em><%= l(:text_caracters_maximum, 30) %></em></p>
6 6

  
7
<% if User.current.admin? && !@project.possible_parents.empty? %>
7
<% if user_allowed_to_change_parent?(@project) && !@project.possible_parents.empty? %>
8 8
    <p><label><%= l(:field_parent) %></label><%= parent_project_select_tag(@project) %></p>
9 9
<% end %>
10 10