4687-v2.patch

Go MAEDA, 2021-02-07 08:52


app/controllers/projects_controller.rb
23 23
  menu_item :projects, :only => [:index, :new, :copy, :create]
24 24

  
25 25
  before_action :find_project,
26
                :except => [:index, :autocomplete, :list, :new, :create, :copy]
26
                :except => [:index, :autocomplete, :list, :new, :create]
27 27
  before_action :authorize,
28
                :except => [:index, :autocomplete, :list, :new, :create, :copy,
28
                :except => [:index, :autocomplete, :list, :new, :create,
29 29
                            :archive, :unarchive]
30 30
  before_action :authorize_global, :only => [:new, :create]
31
  before_action :require_admin, :only => [:copy, :archive, :unarchive]
31
  before_action :require_admin, :only => [:archive, :unarchive]
32 32
  accept_rss_auth :index
33 33
  accept_api_auth :index, :show, :create, :update, :destroy
34 34
  require_sudo_mode :destroy
......
138 138
  end
139 139

  
140 140
  def copy
141
    @project = nil # Reset because source project was set in @project for authorize.
141 142
    @issue_custom_fields = IssueCustomField.sorted.to_a
142 143
    @trackers = Tracker.sorted.to_a
143 144
    @source_project = Project.find(params[:id])
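Review bot: Once `:copy` is no longer in the `require_admin` list, the only gate on `copy` is `authorize` against the source project, while `before_action :authorize_global, :only => [:new, :create]` still does not cover it. A member whose role has `copy_project` can therefore apparently create a new project without the global project-creation check that `new` and `create` go through. If that is not intended, add a guard at the top of `copy` such as `return deny_access unless User.current.allowed_to?(:add_project, nil, :global => true)`. The rest of `copy` lies outside the hunk, so whether the POST branch limits what a non-admin may carry over cannot be confirmed from here. The tests visible on this page exercise GET only.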
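--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
@@ -5,6 +5,9 @@
   <% if User.current.allowed_to?(:add_subprojects, @project) %>
     <%= link_to l(:label_subproject_new), new_project_path(:parent_id => @project), :class => 'icon icon-add' %>
   <% end %>
+  <% if User.current.allowed_to?(:copy_project, @project) %>
+    <%= link_to(l(:button_copy), copy_project_path(@project), :class => 'icon icon-copy') %>
+  <% end %>
   <% if User.current.allowed_to?(:close_project, @project) %>
     <% if @project.active? %>
       <%= link_to l(:button_close), close_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-lock' %>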
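--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -90,6 +90,7 @@
   map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member
   map.permission :manage_versions, {:projects => :settings, :versions => [:new, :create, :edit, :update, :close_completed, :destroy]}, :require => :member
   map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
+  map.permission :copy_project, {:projects => [:copy]}, :require => :member
   # Queries
   map.permission :manage_public_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :member
   map.permission :save_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :loggedin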
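Review bot: The new `map.permission :copy_project` line carries no comment on what the permission grants, although it opens a whole controller action, `projects#copy`, to non-admin members. The body of that action is not shown on this page, so an administrator assigning the permission cannot tell from this line whether the copy carries over content the role could not otherwise read. I would add a comment above the entry, for example `# Lets a member duplicate the project via projects#copy; grant only to roles trusted with all of the project's content`.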
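--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -12,6 +12,7 @@
     - :close_project
     - :delete_project
     - :select_project_modules
+    - :copy_project
     - :manage_members
     - :manage_versions
     - :manage_categories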
test/functional/projects_controller_test.rb
1174 1174
    end
1175 1175
  end
1176 1176

  
1177
  def test_get_copy
1177
  def test_get_copy_by_admin_user
1178 1178
    @request.session[:user_id] = 1 # admin
1179
    orig = Project.find(1) # Login user is no member
1180
    get(:copy, :params => {:id => orig.id})
1181
    assert_response :success
1182

  
1183
    assert_select 'textarea[name=?]', 'project[description]', :text => orig.description
1184
    assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1
1185
  end
1186

  
1187
  def test_get_copy_by_non_admin_user_with_copy_project_permission
1188
    @request.session[:user_id] = 3
1189
    Role.find(2).add_permission! :copy_project
1179 1190
    orig = Project.find(1)
1180 1191
    get(:copy, :params => {:id => orig.id})
1181 1192
    assert_response :success
......
1184 1195
    assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1
1185 1196
  end
1186 1197

  
1198
  def test_get_copy_by_non_admin_user_without_copy_project_permission_should_respond_with_403
1199
    @request.session[:user_id] = 3
1200
    Role.find(2).remove_permission! :copy_project
1201
    orig = Project.find(1)
1202
    get(:copy, :params => {:id => orig.id})
1203
    assert_response 403
1204
  end
1205

  
1187 1206
  def test_get_copy_with_invalid_source_should_respond_with_404
1188 1207
    @request.session[:user_id] = 1
1189 1208
    get(:copy, :params => {:id => 99})