Feature #1248 » 1248-edit-own-issues-permit.patch
| app/models/issue.rb | ||
|---|---|---|
| 178 | 178 | |
| 179 | 179 |
# Returns true if user or current user is allowed to edit the issue |
| 180 | 180 |
def attributes_editable?(user=User.current) |
| 181 |
user_tracker_permission?(user, :edit_issues) |
|
| 181 |
user_tracker_permission?(user, :edit_issues) || ( |
|
| 182 |
user_tracker_permission?(user, :edit_own_issues) && author == user |
|
| 183 |
) |
|
| 182 | 184 |
end |
| 183 | 185 | |
| 184 | 186 |
# Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_editable? |
| config/locales/en.yml | ||
|---|---|---|
| 485 | 485 |
permission_view_issues: View Issues |
| 486 | 486 |
permission_add_issues: Add issues |
| 487 | 487 |
permission_edit_issues: Edit issues |
| 488 |
permission_edit_own_issues: Edit own issues |
|
| 488 | 489 |
permission_copy_issues: Copy issues |
| 489 | 490 |
permission_manage_issue_relations: Manage issue relations |
| 490 | 491 |
permission_set_issues_private: Set issues public or private |
| lib/redmine.rb | ||
|---|---|---|
| 100 | 100 |
:read => true |
| 101 | 101 |
map.permission :add_issues, {:issues => [:new, :create], :attachments => :upload}
|
| 102 | 102 |
map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
|
| 103 |
map.permission :edit_own_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
|
|
| 103 | 104 |
map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update], :attachments => :upload}
|
| 104 | 105 |
map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
|
| 105 | 106 |
map.permission :manage_subtasks, {}
|
| test/functional/context_menus_controller_test.rb | ||
|---|---|---|
| 103 | 103 |
assert_select 'a[href=?]', "/issues/bulk_update?#{ids}&issue%5Bassigned_to_id%5D=2", :text => 'John Smith'
|
| 104 | 104 |
end |
| 105 | 105 | |
| 106 |
def test_context_menu_by_author_should_selectable_edit_the_own_created_issues |
|
| 107 |
Role.all.each do |r| |
|
| 108 |
r.remove_permission! :edit_issues |
|
| 109 |
r.add_permission! :edit_own_issues |
|
| 110 |
end |
|
| 111 | ||
| 112 |
author_id = 2 # jsmith |
|
| 113 |
@request.session[:user_id] = author_id |
|
| 114 | ||
| 115 |
# Include author only |
|
| 116 |
assert_equal [author_id], Issue.where(:id => [1, 2]).collect(&:author_id).uniq |
|
| 117 |
get :issues, :params => {
|
|
| 118 |
:ids => [1, 2] |
|
| 119 |
} |
|
| 120 |
assert_response :success |
|
| 121 |
assert_select 'a[href=?]', '/issues/bulk_edit?ids%5B%5D=1&ids%5B%5D=2', :text => 'Edit' |
|
| 122 | ||
| 123 |
# Including other than authors |
|
| 124 |
assert_not_equal [author_id], Issue.where(:id => [1, 2, 12]).collect(&:author_id).uniq |
|
| 125 |
get :issues, :params => {
|
|
| 126 |
:ids => [1, 2, 12] |
|
| 127 |
} |
|
| 128 |
assert_response :success |
|
| 129 |
assert_select 'a.disabled[href=?]', '#', :text => 'Edit' |
|
| 130 |
end |
|
| 131 | ||
| 106 | 132 |
def test_context_menu_should_include_list_custom_fields |
| 107 | 133 |
field = IssueCustomField.create!(:name => 'List', :field_format => 'list', |
| 108 | 134 |
:possible_values => ['Foo', 'Bar'], :is_for_all => true, :tracker_ids => [1, 2, 3]) |
| ... | ... | |
| 317 | 343 |
def test_time_entries_context_menu_without_edit_permission |
| 318 | 344 |
@request.session[:user_id] = 2 |
| 319 | 345 |
Role.find_by_name('Manager').remove_permission! :edit_time_entries
|
| 320 |
|
|
| 346 | ||
| 321 | 347 |
get :time_entries, :params => {
|
| 322 | 348 |
:ids => [1, 2] |
| 323 | 349 |
} |
| test/functional/issues_controller_test.rb | ||
|---|---|---|
| 4525 | 4525 |
assert_select 'input[name=?]', 'time_entry[hours]', 0 |
| 4526 | 4526 |
end |
| 4527 | 4527 | |
| 4528 |
def test_get_edit_should_display_the_change_properties_area_with_attributes_editable_permission |
|
| 4529 |
@request.session[:user_id] = 2 # jsmith |
|
| 4530 |
role_manager = Role.find_by_name('Manager') # jsmith's role
|
|
| 4531 | ||
| 4532 |
role_manager.remove_permission! :edit_issues, :edit_own_issues |
|
| 4533 |
role_manager.add_permission! :edit_issues |
|
| 4534 |
get :edit, :params => {
|
|
| 4535 |
:id => 1 |
|
| 4536 |
} |
|
| 4537 |
assert_response :success |
|
| 4538 |
assert_select '#all_attributes', :count => 1 |
|
| 4539 | ||
| 4540 |
role_manager.remove_permission! :edit_issues, :edit_own_issues |
|
| 4541 |
role_manager.add_permission! :edit_own_issues |
|
| 4542 |
get :edit, :params => {
|
|
| 4543 |
:id => 1 |
|
| 4544 |
} |
|
| 4545 |
assert_response :success |
|
| 4546 |
assert_select '#all_attributes', :count => 1 |
|
| 4547 | ||
| 4548 |
role_manager.remove_permission! :edit_issues, :edit_own_issues |
|
| 4549 |
role_manager.add_permission! :edit_issues, :edit_own_issues |
|
| 4550 |
get :edit, :params => {
|
|
| 4551 |
:id => 1 |
|
| 4552 |
} |
|
| 4553 |
assert_response :success |
|
| 4554 |
assert_select '#all_attributes', :count => 1 |
|
| 4555 |
end |
|
| 4556 | ||
| 4557 |
def test_get_edit_should_not_display_the_change_properties_area_without_attributes_editable_permission |
|
| 4558 |
@request.session[:user_id] = 2 # jsmith |
|
| 4559 | ||
| 4560 |
Role.find_by_name('Manager').remove_permission! :edit_issues, :edit_own_issues
|
|
| 4561 |
get :edit, :params => {
|
|
| 4562 |
:id => 1 |
|
| 4563 |
} |
|
| 4564 |
assert_response :success |
|
| 4565 |
assert_select '#all_attributes', :count => 0 |
|
| 4566 |
end |
|
| 4567 | ||
| 4528 | 4568 |
def test_get_edit_with_params |
| 4529 | 4569 |
@request.session[:user_id] = 2 |
| 4530 | 4570 |
get :edit, :params => {
|
| test/unit/issue_test.rb | ||
|---|---|---|
| 541 | 541 |
assert_equal false, issue.deletable?(user) |
| 542 | 542 |
end |
| 543 | 543 | |
| 544 |
def test_issue_should_editable_by_author |
|
| 545 |
Role.all.each do |r| |
|
| 546 |
r.remove_permission! :edit_issues |
|
| 547 |
r.add_permission! :edit_own_issues |
|
| 548 |
end |
|
| 549 | ||
| 550 |
issue = Issue.find(1) |
|
| 551 |
user = User.find_by_login('jsmith')
|
|
| 552 | ||
| 553 |
# author |
|
| 554 |
assert_equal user, issue.author |
|
| 555 |
assert_equal true, issue.attributes_editable?(user) |
|
| 556 | ||
| 557 |
# not author |
|
| 558 |
assert_equal false, issue.attributes_editable?(User.find_by_login('dlopper'))
|
|
| 559 |
end |
|
| 560 | ||
| 544 | 561 |
def test_errors_full_messages_should_include_custom_fields_errors |
| 545 | 562 |
field = IssueCustomField.find_by_name('Database')
|
| 546 | 563 | |
- « Previous
- 1
- 2
- 3
- Next »
