diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a43038a98..d25d1992e 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -23,7 +23,9 @@ class ProjectsController < ApplicationController
 before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
 before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
 before_action :authorize_global, :only => [:new, :create]
- before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
+ before_action :require_admin, :only => [ :archive, :unarchive, :destroy ]
+ before_action :require_edit_permission_to_copy, :only => [ :copy ]
+
 accept_rss_auth :index
 accept_api_auth :index, :show, :create, :update, :destroy
 require_sudo_mode :destroy
@@ -34,6 +36,14 @@ class ProjectsController < ApplicationController
 helper :repositories
 helper :members
 
+ def require_edit_permission_to_copy
+ current_project = Project.find(params[:id])
+ allowed = User.current.allowed_to?({:controller => 'projects', :action => 'edit'}, current_project, :global => false)
+ unless allowed
+ render_403
+ end
+ end
+
 # Lists visible projects
 def index
 # try to redirect to the requested menu item
diff --git a/app/views/projects/show.html.erb b/app/views/projects/show.html.erb
index 904f86ba0..bd3148f0c 100644
--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
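Review bot: In the first projects_controller.rb hunk, taking `:copy` out of `require_admin` leaves it with no project-creation check: `authorize_global` still covers only `:new` and `:create`, and `:copy` remains in the `:except` lists of both `find_project` and `authorize`. A user who can edit one project can therefore create new projects through copy even where they lack the global permission to add projects. The new filter should require both, for example by and-ing in `User.current.allowed_to?(:add_project, nil, :global => true)`. The copy action itself is outside this diff; if it duplicates members, issues or module data, confirm that edit permission on the source entitles the user to everything that ends up in the copy.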
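Review bot: In the second projects_controller.rb hunk, `require_edit_permission_to_copy` is defined in the public part of the controller, directly above `index`, so Rails treats it as an action method; filter helpers belong under `private` (whether the class has a private section further down is not visible here). `Project.find(params[:id])` also raises `ActiveRecord::RecordNotFound` inside the filter, where any rescue in the copy action cannot catch it, so an unknown id falls through to the framework's default handling; adding `rescue ActiveRecord::RecordNotFound` with `render_404` to the method makes the outcome deliberate. `:global => false` appears to be the default and can be dropped, and the `unless` block reads more simply as `render_403 unless allowed`. The class body continues outside the hunk.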
@@ -2,6 +2,9 @@
 <% if User.current.allowed_to?(:add_subprojects, @project) %>
 <%= link_to l(:label_subproject_new), new_project_path(:parent_id => @project), :class => 'icon icon-add' %>
 <% end %>
+ <% if User.current.allowed_to?({:controller => 'projects', :action => 'edit'}, @project) %>
+ <%= link_to 'Copy project', copy_project_path(@project), :class => 'icon icon-add' %>
+ <% end %>
 <% if User.current.allowed_to?(:close_project, @project) %>
 <% if @project.active? %>
 <%= link_to l(:button_close), close_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-lock' %>
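Review bot: The new link's label is the hard-coded string `'Copy project'`, while the neighbouring links go through `l(...)`, so it will not be translated; use a locale key instead, e.g. `link_to l(:button_copy), copy_project_path(@project), :class => 'icon icon-copy'` if this tree defines that key and icon class. The condition repeats the controller filter's edit check, so if the filter gains further conditions the link should test the same ones. Hiding the link is only presentation; the controller filter remains the actual access control.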