Feature #33868 » feature-33868.patch
| app/models/issue.rb | ||
|---|---|---|
| 194 | 194 | |
| 195 | 195 |
# Returns true if user or current user is allowed to add notes to the issue |
| 196 | 196 |
def notes_addable?(user=User.current) |
| 197 |
user_tracker_permission?(user, :add_issue_notes) |
|
| 197 |
is_addable = user_tracker_permission?(user, :add_issue_notes) |
|
| 198 |
if self.closed? && !self.closing? |
|
| 199 |
is_addable &&= user.allowed_to?(:add_note_to_closed_issue, self.project) |
|
| 200 |
end |
|
| 201 |
is_addable |
|
| 198 | 202 |
end |
| 199 | 203 | |
| 200 | 204 |
# Returns true if user or current user is allowed to delete the issue |
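Review bot: The comment above `notes_addable?` still describes only the general add-notes permission, so the new closed-issue rule is undocumented at the point where callers read the contract. I would extend it with something like `# On an issue that is already closed the user also needs :add_note_to_closed_issue, unless this same update is the one closing it.` The `closed? && !closing?` test reads the issue's in-memory status, so the result presumably depends on the new status being assigned before this method is evaluated; that ordering is outside the hunk and worth confirming. The added check is a project-level `allowed_to?` while the first goes through `user_tracker_permission?`, which looks intentional but deserves a word in the same comment.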
| app/models/mail_handler.rb | ||
|---|---|---|
| 225 | 225 | |
| 226 | 226 |
# check permission |
| 227 | 227 |
unless handler_options[:no_permission_check] |
| 228 |
unless user.allowed_to?(:add_issue_notes, issue.project) ||
|
|
| 229 |
user.allowed_to?(:edit_issues, issue.project)
|
|
| 230 |
raise UnauthorizedAction, "not allowed to add notes on issues to project [#{project.name}]"
|
|
| 228 |
if !user.allowed_to?(:edit_issues, issue.project) &&
|
|
| 229 |
(!user.allowed_to?(:add_issue_notes, issue.project) || (issue.closed? && !user.allowed_to?(:add_note_to_closed_issue, issue.project)))
|
|
| 230 |
raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]"
|
|
| 231 | 231 |
end |
| 232 | 232 |
end |
| 233 | 233 | |
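Review bot: A user who holds `:edit_issues` skips the closed-issue check entirely here, because the whole condition is gated by `!user.allowed_to?(:edit_issues, issue.project)`, whereas `notes_addable?` in app/models/issue.rb on this page has no such exemption. The two entry points can therefore disagree about the same user and the same closed issue, refusing the note through the model check and accepting it by e-mail. If the restriction is meant to hold on every channel, evaluate it on its own, e.g. `closed_denied = issue.closed? && !user.allowed_to?(:add_note_to_closed_issue, issue.project)`, and raise when `closed_denied` is true or when neither `:add_issue_notes` nor `:edit_issues` is granted. Both refusals also share one message, so the logged reason does not say which permission was missing. The enclosing method starts and ends outside the hunk.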
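--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -111,6 +111,7 @@
 map.permission :set_issues_private, {}
 map.permission :set_own_issues_private, {}, :require => :loggedin
 map.permission :add_issue_notes, {:issues => [:edit, :update], :journals => [:new], :attachments => :upload}
+map.permission :add_note_to_closed_issue, {:issues => [:edit, :update], :journals => [:new], :attachments => :upload}
 map.permission :edit_issue_notes, {:journals => [:edit, :update]}, :require => :loggedin
 map.permission :edit_own_issue_notes, {:journals => [:edit, :update]}, :require => :loggedin
 map.permission :view_private_notes, {}, :read => true, :require => :member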
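Review bot: `:add_note_to_closed_issue` is declared with the same action map as `:add_issue_notes` (issues edit/update, journals new, attachments upload), so a role granted only the new permission would presumably pass controller-level authorization for those actions, uploads included, even though `notes_addable?` still refuses the note. The other files on this page use the permission purely as an extra condition inside model and mail-handler checks, so it does not need to authorize any action by itself. Declaring it without actions, as `:set_issues_private` is on the first line of this hunk, keeps it from widening access: `map.permission :add_note_to_closed_issue, {}`.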
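--- a/lib/redmine/default_data/loader.rb
+++ b/lib/redmine/default_data/loader.rb
@@ -64,6 +64,7 @@
 :manage_issue_relations,
 :manage_subtasks,
 :add_issue_notes,
+:add_note_to_closed_issue,
 :save_queries,
 :view_gantt,
 :view_calendar,
@@ -91,6 +92,7 @@
 :permissions => [:view_issues,
 :add_issues,
 :add_issue_notes,
+:add_note_to_closed_issue,
 :save_queries,
 :view_gantt,
 :view_calendar,
@@ -111,6 +113,7 @@
 Role.non_member.update_attribute :permissions, [:view_issues,
 :add_issues,
 :add_issue_notes,
+:add_note_to_closed_issue,
 :save_queries,
 :view_gantt,
 :view_calendar,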
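Review bot: These lists appear to seed roles only when the default data is loaded, and no file on this page adds the permission to roles that already exist. After an upgrade, existing roles would therefore lack `:add_note_to_closed_issue`, and `notes_addable?` would start refusing notes on closed issues for users who could add them before. That fails closed, which is the safe direction, but it is a visible behaviour change. A data migration granting the new permission to every role that already holds `:add_issue_notes`, or an explicit upgrade note, would make it deliberate.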
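--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -21,6 +21,7 @@
 - :manage_issue_relations
 - :manage_subtasks
 - :add_issue_notes
+- :add_note_to_closed_issue
 - :delete_issues
 - :view_issue_watchers
 - :add_issue_watchers
@@ -87,6 +88,7 @@
 - :manage_issue_relations
 - :manage_subtasks
 - :add_issue_notes
+- :add_note_to_closed_issue
 - :delete_issues
 - :view_issue_watchers
 - :save_queries
@@ -135,6 +137,7 @@
 - :edit_issues
 - :manage_issue_relations
 - :add_issue_notes
+- :add_note_to_closed_issue
 - :view_issue_watchers
 - :save_queries
 - :view_gantt
@@ -174,6 +177,7 @@
 - :edit_issues
 - :manage_issue_relations
 - :add_issue_notes
+- :add_note_to_closed_issue
 - :save_queries
 - :view_gantt
 - :view_calendar
@@ -203,6 +207,7 @@
 ---
 - :view_issues
 - :add_issue_notes
+- :add_note_to_closed_issue
 - :view_gantt
 - :view_calendar
 - :view_time_entries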
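--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -6388,6 +6388,44 @@
 assert_equal 2, issue.reload.assigned_to_id
 end
 
+def test_update_without_add_note_to_closed_issue_permission_when_closed
+@request.session[:user_id] = 2
+Role.find(2).remove_permission! :add_note_to_closed_issue
+issue = Issue.find(4)
+issue.close!
+
+assert_no_difference 'Journal.count' do
+put(
+:update,
+:params => {
+:id => issue.id,
+:issue => {
+:notes => 'notes'
+}
+}
+)
+end
+end
+
+def test_update_without_add_note_to_closed_issue_permission_when_closing
+@request.session[:user_id] = 2
+Role.find(2).remove_permission! :add_note_to_closed_issue
+issue = Issue.find(4)
+
+assert_difference 'Journal.count' do
+put(
+:update,
+:params => {
+:id => issue.id,
+:issue => {
+:status_id => 5,
+:notes => 'notes'
+}
+}
+)
+end
+end
+
 def test_get_bulk_edit
 @request.session[:user_id] = 2
 get(:bulk_edit, :params => {:ids => [1, 3]})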
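Review bot: Both new tests exercise only a role that lacks `:add_note_to_closed_issue`; nothing shows that a role which keeps the permission can still add a note to a closed issue, so a regression that refused everyone would pass. `test_update_without_add_note_to_closed_issue_permission_when_closed` also asserts only `Journal.count`, not the response, so it does not pin whether the request is rejected or the note is silently dropped. I would add the positive case and an `assert_response` with whichever status the controller is meant to return for the refused update.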
| test/unit/mail_handler_test.rb | ||
|---|---|---|
| 903 | 903 |
assert !journal.notes.match(/^Start Date:/i) |
| 904 | 904 |
end |
| 905 | 905 | |
| 906 |
def test_update_issue_without_permission_should_raise_an_error |
|
| 907 |
Role.find(1).remove_permission! :add_note_to_closed_issue |
|
| 908 |
Role.find(1).remove_permission! :edit_issues |
|
| 909 |
Issue.find(2).close! |
|
| 910 | ||
| 911 |
Rails.logger.expects(:error).with('MailHandler: unauthorized attempt from John Smith: not allowed to add notes on issues to project [eCookbook]')
|
|
| 912 |
assert_no_difference 'Journal.count' do |
|
| 913 |
submit_email('ticket_reply_with_status.eml')
|
|
| 914 |
end |
|
| 915 |
end |
|
| 916 | ||
| 917 |
def test_update_issue_without_permission_should_add_journal_when_cloging |
|
| 918 |
Role.find(1).remove_permission! :add_note_to_closed_issue |
|
| 919 |
Role.find(1).remove_permission! :edit_issues |
|
| 920 | ||
| 921 |
assert_difference 'Journal.count' do |
|
| 922 |
submit_email('ticket_reply_with_status.eml') do |raw|
|
|
| 923 |
raw.gsub! /^Status: .*$/, 'Status: Closed' |
|
| 924 |
end |
|
| 925 |
end |
|
| 926 |
end |
|
| 927 | ||
| 906 | 928 |
def test_update_issue_with_attachment |
| 907 | 929 |
assert_difference 'Journal.count' do |
| 908 | 930 |
assert_difference 'JournalDetail.count' do |