Feature #4687 » diff.patch
app/controllers/projects_controller.rb | ||
---|---|---|
22 | 22 |
menu_item :settings, :only => :settings |
23 | 23 |
menu_item :projects, :only => [:index, :new, :copy, :create] |
24 | 24 | |
25 |
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
|
|
26 |
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
|
|
25 |
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create ] |
|
26 |
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :archive, :unarchive, :destroy] |
|
27 | 27 |
before_action :authorize_global, :only => [:new, :create] |
28 |
before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
|
|
28 |
before_action :require_admin, :only => [ :archive, :unarchive, :destroy ] |
|
29 | 29 |
accept_rss_auth :index |
30 | 30 |
accept_api_auth :index, :show, :create, :update, :destroy |
31 | 31 |
require_sudo_mode :destroy |
... | ... | |
128 | 128 |
end |
129 | 129 | |
130 | 130 |
def copy |
131 |
@project = nil # Reset because source project was set in @project for authorize. |
|
131 | 132 |
@issue_custom_fields = IssueCustomField.sorted.to_a |
132 | 133 |
@trackers = Tracker.sorted.to_a |
133 | 134 |
@source_project = Project.find(params[:id]) |
app/views/projects/show.html.erb | ||
---|---|---|
5 | 5 |
<% if User.current.allowed_to?(:add_subprojects, @project) %> |
6 | 6 |
<%= link_to l(:label_subproject_new), new_project_path(:parent_id => @project), :class => 'icon icon-add' %> |
7 | 7 |
<% end %> |
8 |
<% if User.current.allowed_to?(:copy_project, @project) %> |
|
9 |
<%= link_to(l(:button_copy), copy_project_path(@project), :class => 'icon icon-copy') %> |
|
10 |
<% end %> |
|
8 | 11 |
<% if User.current.allowed_to?(:close_project, @project) %> |
9 | 12 |
<% if @project.active? %> |
10 | 13 |
<%= link_to l(:button_close), close_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-lock' %> |
lib/redmine.rb | ||
---|---|---|
88 | 88 |
map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member |
89 | 89 |
map.permission :manage_versions, {:projects => :settings, :versions => [:new, :create, :edit, :update, :close_completed, :destroy]}, :require => :member |
90 | 90 |
map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member |
91 |
map.permission :copy_project, {:projects => [:copy]}, :require => :member |
|
91 | 92 |
# Queries |
92 | 93 |
map.permission :manage_public_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :member |
93 | 94 |
map.permission :save_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :loggedin |
test/fixtures/roles.yml | ||
---|---|---|
11 | 11 |
- :edit_project |
12 | 12 |
- :close_project |
13 | 13 |
- :select_project_modules |
14 |
- :copy_project |
|
14 | 15 |
- :manage_members |
15 | 16 |
- :manage_versions |
16 | 17 |
- :manage_categories |
test/functional/projects_controller_test.rb | ||
---|---|---|
1087 | 1087 |
end |
1088 | 1088 |
end |
1089 | 1089 | |
1090 |
def test_get_copy |
|
1090 |
def test_get_copy_by_admin_user
|
|
1091 | 1091 |
@request.session[:user_id] = 1 # admin |
1092 |
orig = Project.find(1) # Login user is no member |
|
1093 |
get(:copy, :params => {:id => orig.id}) |
|
1094 |
assert_response :success |
|
1095 | ||
1096 |
assert_select 'textarea[name=?]', 'project[description]', :text => orig.description |
|
1097 |
assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1 |
|
1098 |
end |
|
1099 | ||
1100 |
def test_get_copy_by_non_admin_user_with_copy_project_permission |
|
1101 |
@request.session[:user_id] = 3 |
|
1102 |
Role.find(2).add_permission! :copy_project |
|
1092 | 1103 |
orig = Project.find(1) |
1093 | 1104 |
get(:copy, :params => {:id => orig.id}) |
1094 | 1105 |
assert_response :success |
... | ... | |
1097 | 1108 |
assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1 |
1098 | 1109 |
end |
1099 | 1110 | |
1111 |
def test_get_copy_by_non_admin_user_without_copy_project_permission_should_respond_with_403 |
|
1112 |
@request.session[:user_id] = 3 |
|
1113 |
Role.find(2).remove_permission! :copy_project |
|
1114 |
orig = Project.find(1) |
|
1115 |
get(:copy, :params => {:id => orig.id}) |
|
1116 |
assert_response 403 |
|
1117 |
end |
|
1118 | ||
1100 | 1119 |
def test_get_copy_with_invalid_source_should_respond_with_404 |
1101 | 1120 |
@request.session[:user_id] = 1 |
1102 | 1121 |
get(:copy, :params => {:id => 99}) |