1248-edit-own-issues-permit.patch

Yuichi HARADA, 2019-02-20 02:52


View differences:

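--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -178,7 +178,9 @@
 
   # Returns true if user or current user is allowed to edit the issue
   def attributes_editable?(user=User.current)
-    user_tracker_permission?(user, :edit_issues)
+    user_tracker_permission?(user, :edit_issues) || (
+      user_tracker_permission?(user, :edit_own_issues) && author == user
+    )
   end
 
   # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_editable?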
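Review bot: The new ownership branch in `attributes_editable?` compares `author == user` without checking that the user is authenticated. If the anonymous role is ever granted `:edit_own_issues`, all unauthenticated visitors would presumably resolve to the same anonymous user record (confirm against how `User.current` is set for anonymous requests), so an issue created anonymously would be editable by any visitor. I would tighten the condition to `user_tracker_permission?(user, :edit_own_issues) && user.logged? && author == user` and add a unit test with an anonymously authored issue.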
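--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -485,6 +485,7 @@
   permission_view_issues: View Issues
   permission_add_issues: Add issues
   permission_edit_issues: Edit issues
+  permission_edit_own_issues: Edit own issues
   permission_copy_issues: Copy issues
   permission_manage_issue_relations: Manage issue relations
   permission_set_issues_private: Set issues public or private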
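--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -100,6 +100,7 @@
                                   :read => true
     map.permission :add_issues, {:issues => [:new, :create], :attachments => :upload}
     map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
+    map.permission :edit_own_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
     map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update], :attachments => :upload}
     map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
     map.permission :manage_subtasks, {}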
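Review bot: `:edit_own_issues` is mapped to exactly the same controller actions as `:edit_issues`, so the permission map by itself authorizes `edit`, `update`, `bulk_edit`, `bulk_update`, `journals#new` and attachment upload for every issue in the project, not only the holder's own. The ownership restriction therefore rests entirely on per-issue checks such as `Issue#attributes_editable?`. Whether each of these actions consults that check is not visible in this hunk and should be confirmed, in particular for the bulk and attachment paths. A comment above the new line would make the split explicit, e.g. `# Action-level grant only; ownership is enforced per issue by Issue#attributes_editable?`. The enclosing permission block starts and ends outside the hunk.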
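--- a/test/functional/context_menus_controller_test.rb
+++ b/test/functional/context_menus_controller_test.rb
@@ -103,6 +103,32 @@
     assert_select 'a[href=?]', "/issues/bulk_update?#{ids}&issue%5Bassigned_to_id%5D=2", :text => 'John Smith'
   end
 
+  def test_context_menu_by_author_should_selectable_edit_the_own_created_issues
+    Role.all.each do |r|
+      r.remove_permission! :edit_issues
+      r.add_permission! :edit_own_issues
+    end
+
+    author_id = 2 # jsmith
+    @request.session[:user_id] = author_id
+
+    # Include author only
+    assert_equal [author_id], Issue.where(:id => [1, 2]).collect(&:author_id).uniq
+    get :issues, :params => {
+        :ids => [1, 2]
+      }
+    assert_response :success
+    assert_select 'a[href=?]', '/issues/bulk_edit?ids%5B%5D=1&ids%5B%5D=2', :text => 'Edit'
+
+    # Including other than authors
+    assert_not_equal [author_id], Issue.where(:id => [1, 2, 12]).collect(&:author_id).uniq
+    get :issues, :params => {
+        :ids => [1, 2, 12]
+      }
+    assert_response :success
+    assert_select 'a.disabled[href=?]', '#', :text => 'Edit'
+  end
+
   def test_context_menu_should_include_list_custom_fields
     field = IssueCustomField.create!(:name => 'List', :field_format => 'list',
       :possible_values => ['Foo', 'Bar'], :is_for_all => true, :tracker_ids => [1, 2, 3])
@@ -317,7 +343,7 @@
   def test_time_entries_context_menu_without_edit_permission
     @request.session[:user_id] = 2
     Role.find_by_name('Manager').remove_permission! :edit_time_entries
-    
+
     get :time_entries, :params => {
         :ids => [1, 2]
       }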
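Review bot: The mixed-selection case in `test_context_menu_by_author_should_selectable_edit_the_own_created_issues` only asserts that the Edit link is rendered as `a.disabled`, which is a presentation check. A disabled menu entry does not stop a client from sending the bulk request directly, so the server-side refusal of `bulk_update` for ids `[1, 2, 12]` should be asserted in the issues controller tests; no such test is visible on this page. I would also add a comment above the `Role.all.each` loop, e.g. `# leave :edit_own_issues as the only edit permission on every role`, so the reason for touching all roles is clear.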
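--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -4525,6 +4525,46 @@
     assert_select 'input[name=?]', 'time_entry[hours]', 0
   end
 
+  def test_get_edit_should_display_the_change_properties_area_with_attributes_editable_permission
+    @request.session[:user_id] = 2 # jsmith
+    role_manager = Role.find_by_name('Manager') # jsmith's role
+
+    role_manager.remove_permission! :edit_issues, :edit_own_issues
+    role_manager.add_permission! :edit_issues
+    get :edit, :params => {
+        :id => 1
+      }
+    assert_response :success
+    assert_select '#all_attributes', :count => 1
+
+    role_manager.remove_permission! :edit_issues, :edit_own_issues
+    role_manager.add_permission! :edit_own_issues
+    get :edit, :params => {
+        :id => 1
+      }
+    assert_response :success
+    assert_select '#all_attributes', :count => 1
+
+    role_manager.remove_permission! :edit_issues, :edit_own_issues
+    role_manager.add_permission! :edit_issues, :edit_own_issues
+    get :edit, :params => {
+        :id => 1
+      }
+    assert_response :success
+    assert_select '#all_attributes', :count => 1
+  end
+
+  def test_get_edit_should_not_display_the_change_properties_area_without_attributes_editable_permission
+    @request.session[:user_id] = 2 # jsmith
+
+    Role.find_by_name('Manager').remove_permission! :edit_issues, :edit_own_issues
+    get :edit, :params => {
+        :id => 1
+      }
+    assert_response :success
+    assert_select '#all_attributes', :count => 0
+  end
+
   def test_get_edit_with_params
     @request.session[:user_id] = 2
     get :edit, :params => {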
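Review bot: Neither added test covers the case the new permission exists to restrict, a user holding only `:edit_own_issues` who requests an issue authored by someone else. Both tests request issue 1, which the context-menu test on this page shows to be authored by user 2 (jsmith). So the suite would still pass if the ownership check were dropped and `:edit_own_issues` behaved like `:edit_issues`. I would add a negative test along the lines below, plus a matching `update` test asserting the attributes are unchanged. Issue 12 is taken from the context-menu test; confirm jsmith can view it in the fixtures.

```ruby
  def test_get_edit_should_not_display_the_change_properties_area_for_issue_of_another_author
    @request.session[:user_id] = 2 # jsmith
    role_manager = Role.find_by_name('Manager') # jsmith's role
    role_manager.remove_permission! :edit_issues, :edit_own_issues
    role_manager.add_permission! :edit_own_issues

    issue = Issue.find(12)
    assert_not_equal 2, issue.author_id
    get :edit, :params => {
        :id => issue.id
      }
    assert_select '#all_attributes', :count => 0
  end
```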
test/unit/issue_test.rb
541 541
    assert_equal false, issue.deletable?(user)
542 542
  end
543 543

  
544
  def test_issue_should_editable_by_author
545
    Role.all.each do |r|
546
      r.remove_permission! :edit_issues
547
      r.add_permission! :edit_own_issues
548
    end
549

  
550
    issue = Issue.find(1)
551
    user = User.find_by_login('jsmith')
552

  
553
    # author
554
    assert_equal user, issue.author
555
    assert_equal true, issue.attributes_editable?(user)
556

  
557
    # not author
558
    assert_equal false, issue.attributes_editable?(User.find_by_login('dlopper'))
559
  end
560

  
544 561
  def test_errors_full_messages_should_include_custom_fields_errors
545 562
    field = IssueCustomField.find_by_name('Database')
546 563