diff.patch

Mizuki ISHIKAWA, 2020-02-19 07:08

Download (5.08 KB)

View differences:

app/controllers/projects_controller.rb
22 22
  menu_item :settings, :only => :settings
23 23
  menu_item :projects, :only => [:index, :new, :copy, :create]
24 24

  
25
  before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
26
  before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
25
  before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create ]
26
  before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :archive, :unarchive, :destroy]
27 27
  before_action :authorize_global, :only => [:new, :create]
28
  before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
28
  before_action :require_admin, :only => [ :archive, :unarchive, :destroy ]
29 29
  accept_rss_auth :index
30 30
  accept_api_auth :index, :show, :create, :update, :destroy
31 31
  require_sudo_mode :destroy
......
128 128
  end
129 129

  
130 130
  def copy
131
    @project = nil # Reset because source project was set in @project for authorize.
131 132
    @issue_custom_fields = IssueCustomField.sorted.to_a
132 133
    @trackers = Tracker.sorted.to_a
133 134
    @source_project = Project.find(params[:id])
app/views/projects/show.html.erb
5 5
  <% if User.current.allowed_to?(:add_subprojects, @project) %>
6 6
    <%= link_to l(:label_subproject_new), new_project_path(:parent_id => @project), :class => 'icon icon-add' %>
7 7
  <% end %>
8
  <% if User.current.allowed_to?(:copy_project, @project) %>
9
    <%= link_to(l(:button_copy), copy_project_path(@project), :class => 'icon icon-copy') %>
10
  <% end %>
8 11
  <% if User.current.allowed_to?(:close_project, @project) %>
9 12
    <% if @project.active? %>
10 13
      <%= link_to l(:button_close), close_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-lock' %>
lib/redmine.rb
88 88
  map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member
89 89
  map.permission :manage_versions, {:projects => :settings, :versions => [:new, :create, :edit, :update, :close_completed, :destroy]}, :require => :member
90 90
  map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
91
  map.permission :copy_project, {:projects => [:copy]}, :require => :member
91 92
  # Queries
92 93
  map.permission :manage_public_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :member
93 94
  map.permission :save_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :loggedin
test/fixtures/roles.yml
11 11
    - :edit_project
12 12
    - :close_project
13 13
    - :select_project_modules
14
    - :copy_project
14 15
    - :manage_members
15 16
    - :manage_versions
16 17
    - :manage_categories
test/functional/projects_controller_test.rb
1087 1087
    end
1088 1088
  end
1089 1089

  
1090
  def test_get_copy
1090
  def test_get_copy_by_admin_user
1091 1091
    @request.session[:user_id] = 1 # admin
1092
    orig = Project.find(1) # Login user is no member
1093
    get(:copy, :params => {:id => orig.id})
1094
    assert_response :success
1095

  
1096
    assert_select 'textarea[name=?]', 'project[description]', :text => orig.description
1097
    assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1
1098
  end
1099

  
1100
  def test_get_copy_by_non_admin_user_with_copy_project_permission
1101
    @request.session[:user_id] = 3
1102
    Role.find(2).add_permission! :copy_project
1092 1103
    orig = Project.find(1)
1093 1104
    get(:copy, :params => {:id => orig.id})
1094 1105
    assert_response :success
......
1097 1108
    assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1
1098 1109
  end
1099 1110

  
1111
  def test_get_copy_by_non_admin_user_without_copy_project_permission_should_respond_with_403
1112
    @request.session[:user_id] = 3
1113
    Role.find(2).remove_permission! :copy_project
1114
    orig = Project.find(1)
1115
    get(:copy, :params => {:id => orig.id})
1116
    assert_response 403
1117
  end
1118

  
1100 1119
  def test_get_copy_with_invalid_source_should_respond_with_404
1101 1120
    @request.session[:user_id] = 1
1102 1121
    get(:copy, :params => {:id => 99})