Patch #24623 » atta.4.0.patch
| app/controllers/issues_controller.rb | ||
|---|---|---|
| 126 | 126 |
raise ::Unauthorized |
| 127 | 127 |
end |
| 128 | 128 |
call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
|
| 129 |
@issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads])) |
|
| 129 |
@issue.save_attachments(params[:attachments] || (params[:issue] && params[:issue][:uploads])) if User.current.allowed_to?(:edit_attachments, @issue.project)
|
|
| 130 | 130 |
if @issue.save |
| 131 | 131 |
call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
|
| 132 | 132 |
respond_to do |format| |
| ... | ... | |
| 523 | 523 |
@issue.safe_attributes = attrs |
| 524 | 524 | |
| 525 | 525 |
if @issue.project |
| 526 |
@issue.attachments = [] unless User.current.allowed_to?(:edit_attachments, @issue.project) |
|
| 526 | 527 |
@issue.tracker ||= @issue.allowed_target_trackers.first |
| 527 | 528 |
if @issue.tracker.nil? |
| 528 | 529 |
if @issue.project.trackers.any? |
| app/models/issue.rb | ||
|---|---|---|
| 38 | 38 |
has_many :relations_from, :class_name => 'IssueRelation', :foreign_key => 'issue_from_id', :dependent => :delete_all |
| 39 | 39 |
has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all |
| 40 | 40 | |
| 41 |
acts_as_attachable :after_add => :attachment_added, :after_remove => :attachment_removed |
|
| 41 |
acts_as_attachable :after_add => :attachment_added, :after_remove => :attachment_removed, |
|
| 42 |
:view_permission => :view_attachments, :edit_permission => :edit_attachments, :delete_permission => :delete_attachments |
|
| 42 | 43 |
acts_as_customizable |
| 43 | 44 |
acts_as_watchable |
| 44 | 45 |
acts_as_searchable :columns => ['subject', "#{table_name}.description"],
|
| ... | ... | |
| 273 | 274 |
self.status = issue.status |
| 274 | 275 |
end |
| 275 | 276 |
self.author = User.current |
| 276 |
unless options[:attachments] == false
|
|
| 277 |
if options[:attachments] == true && User.current.allowed_to?(:view_attachments, issue.project)
|
|
| 277 | 278 |
self.attachments = issue.attachments.map do |attachement| |
| 278 | 279 |
attachement.copy(:container => self) |
| 279 | 280 |
end |
| app/models/journal.rb | ||
|---|---|---|
| 88 | 88 |
detail.custom_field && detail.custom_field.visible_by?(project, user) |
| 89 | 89 |
elsif detail.property == 'relation' |
| 90 | 90 |
Issue.find_by_id(detail.value || detail.old_value).try(:visible?, user) |
| 91 |
elsif detail.property == 'attachment' |
|
| 92 |
user.allowed_to?(:view_attachments, project) |
|
| 91 | 93 |
else |
| 92 | 94 |
true |
| 93 | 95 |
end |
| app/models/mailer.rb | ||
|---|---|---|
| 93 | 93 |
end |
| 94 | 94 | |
| 95 | 95 |
# Builds a mail for notifying user about an issue update |
| 96 |
def issue_edit(user, journal) |
|
| 96 |
def issue_edit(user, journal, att=false)
|
|
| 97 | 97 |
issue = journal.journalized |
| 98 | 98 |
redmine_headers 'Project' => issue.project.identifier, |
| 99 | 99 |
'Issue-Id' => issue.id, |
| ... | ... | |
| 110 | 110 |
@journal = journal |
| 111 | 111 |
@journal_details = journal.visible_details |
| 112 | 112 |
@issue_url = url_for(:controller => 'issues', :action => 'show', :id => issue, :anchor => "change-#{journal.id}")
|
| 113 |
@att = att |
|
| 113 | 114 | |
| 114 | 115 |
mail :to => user, |
| 115 | 116 |
:subject => s |
| ... | ... | |
| 120 | 121 |
# Example: |
| 121 | 122 |
# Mailer.deliver_issue_edit(journal) |
| 122 | 123 |
def self.deliver_issue_edit(journal) |
| 124 |
issue = journal.journalized.reload |
|
| 123 | 125 |
users = journal.notified_users | journal.notified_watchers |
| 124 | 126 |
users.select! do |user| |
| 125 | 127 |
journal.notes? || journal.visible_details(user).any? |
| 126 | 128 |
end |
| 127 | 129 |
users.each do |user| |
| 128 |
issue_edit(user, journal).deliver_later |
|
| 130 |
issue_edit(user, journal, user.allowed_to?(:view_attachments, issue.project)).deliver_later
|
|
| 129 | 131 |
end |
| 130 | 132 |
end |
| 131 | 133 | |
| app/views/issues/_edit.html.erb | ||
|---|---|---|
| 39 | 39 |
<%= call_hook(:view_issues_edit_notes_bottom, { :issue => @issue, :notes => @notes, :form => f }) %>
|
| 40 | 40 |
</fieldset> |
| 41 | 41 | |
| 42 |
<% if User.current.allowed_to?(:edit_attachments, @project) %> |
|
| 42 | 43 |
<fieldset><legend><%= l(:label_attachment_plural) %></legend> |
| 43 | 44 |
<% if @issue.attachments.any? && @issue.safe_attribute?('deleted_attachment_ids') %>
|
| 44 | 45 |
<div class="contextual"><%= link_to l(:label_edit_attachments), '#', :onclick => "$('#existing-attachments').toggle(); return false;" %></div>
|
| ... | ... | |
| 62 | 63 |
<%= render :partial => 'attachments/form', :locals => {:container => @issue} %>
|
| 63 | 64 |
</div> |
| 64 | 65 |
</fieldset> |
| 66 |
<% end %> |
|
| 65 | 67 |
<% end %> |
| 66 | 68 |
</div> |
| 67 | 69 | |
| app/views/issues/new.html.erb | ||
|---|---|---|
| 17 | 17 |
<%= check_box_tag 'link_copy', '1', @link_copy %> |
| 18 | 18 |
</p> |
| 19 | 19 |
<% end %> |
| 20 |
<% if @copy_from && @copy_from.attachments.any? %> |
|
| 20 |
<% if @copy_from && @copy_from.attachments.any? && User.current.allowed_to?(:view_attachments, @copy_from.project) %>
|
|
| 21 | 21 |
<p> |
| 22 | 22 |
<label for="copy_attachments"><%= l(:label_copy_attachments) %></label> |
| 23 | 23 |
<%= check_box_tag 'copy_attachments', '1', @copy_attachments %> |
| ... | ... | |
| 30 | 30 |
</p> |
| 31 | 31 |
<% end %> |
| 32 | 32 | |
| 33 |
<% if User.current.allowed_to?(:edit_attachments, @project) %> |
|
| 33 | 34 |
<p id="attachments_form"><label><%= l(:label_attachment_plural) %></label><%= render :partial => 'attachments/form', :locals => {:container => @issue} %></p>
|
| 35 |
<% end %> |
|
| 34 | 36 | |
| 35 | 37 |
<div id="watchers_form_container"> |
| 36 | 38 |
<%= render :partial => 'issues/watchers_form' %> |
| app/views/issues/show.api.rsb | ||
|---|---|---|
| 35 | 35 |
@issue.attachments.each do |attachment| |
| 36 | 36 |
render_api_attachment(attachment, api) |
| 37 | 37 |
end |
| 38 |
end if include_in_api_response?('attachments')
|
|
| 38 |
end if include_in_api_response?('attachments') && User.current.allowed_to?(:view_attachments, @project)
|
|
| 39 | 39 | |
| 40 | 40 |
api.array :relations do |
| 41 | 41 |
@relations.each do |relation| |
| app/views/issues/show.html.erb | ||
|---|---|---|
| 88 | 88 |
</div> |
| 89 | 89 |
</div> |
| 90 | 90 |
<% end %> |
| 91 |
<% if @issue.attachments.any? %> |
|
| 91 |
<% if @issue.attachments.any? && (User.current.allowed_to?(:view_attachments, @project)) %>
|
|
| 92 | 92 |
<hr /> |
| 93 | 93 |
<p><strong><%=l(:label_attachment_plural)%></strong></p> |
| 94 |
<%= link_to_attachments @issue, :thumbnails => true %> |
|
| 94 |
<%= link_to_attachments @issue, :thumbnails => true if User.current.allowed_to?(:view_attachments, @project) %>
|
|
| 95 | 95 |
<% end %> |
| 96 | 96 | |
| 97 | 97 |
<%= render_full_width_custom_fields_rows(@issue) %> |
| app/views/mailer/_issue.html.erb | ||
|---|---|---|
| 4 | 4 | |
| 5 | 5 |
<%= textilizable(issue, :description, :only_path => false) %> |
| 6 | 6 | |
| 7 |
<% if issue.attachments.any? %> |
|
| 7 |
<% if issue.attachments.any? && @att %>
|
|
| 8 | 8 |
<fieldset class="attachments"><legend><%= l(:label_attachment_plural) %></legend> |
| 9 | 9 |
<% issue.attachments.each do |attachment| %> |
| 10 | 10 |
<%= link_to_attachment attachment, :download => true, :only_path => false %> |
| app/views/mailer/_issue.text.erb | ||
|---|---|---|
| 5 | 5 |
---------------------------------------- |
| 6 | 6 |
<%= issue.description %> |
| 7 | 7 | |
| 8 |
<% if issue.attachments.any? -%> |
|
| 8 |
<% if issue.attachments.any? && @att -%>
|
|
| 9 | 9 |
---<%= l(:label_attachment_plural).ljust(37, '-') %> |
| 10 | 10 |
<% issue.attachments.each do |attachment| -%> |
| 11 | 11 |
<%= attachment.filename %> (<%= number_to_human_size(attachment.filesize) %>) |
| config/locales/en.yml | ||
|---|---|---|
| 492 | 492 |
permission_view_private_notes: View private notes |
| 493 | 493 |
permission_set_notes_private: Set notes as private |
| 494 | 494 |
permission_delete_issues: Delete issues |
| 495 |
permission_view_attachments: View attachments |
|
| 496 |
permission_edit_attachments: Edit attachments |
|
| 497 |
permission_delete_attachments: Delete attachments |
|
| 495 | 498 |
permission_manage_public_queries: Manage public queries |
| 496 | 499 |
permission_save_queries: Save queries |
| 497 | 500 |
permission_view_gantt: View gantt chart |
| config/locales/pt-BR.yml | ||
|---|---|---|
| 782 | 782 |
permission_manage_members: Gerenciar membros |
| 783 | 783 |
permission_edit_messages: Editar mensagens |
| 784 | 784 |
permission_delete_issues: Excluir tarefas |
| 785 |
permission_view_attachments: Ver arquivos anexos |
|
| 786 |
permission_edit_attachments: Editar arquivos anexos |
|
| 787 |
permission_delete_attachments: Apagar arquivos anexos |
|
| 785 | 788 |
permission_view_issue_watchers: Ver lista de observadores |
| 786 | 789 |
permission_manage_repository: Gerenciar repositório |
| 787 | 790 |
permission_commit_access: Acesso do commit |
| db/migrate/20161215142110_add_attachments_permissions.rb | ||
|---|---|---|
| 1 |
class AddAttachmentsPermissions < ActiveRecord::Migration[5.0] |
|
| 2 |
def self.up |
|
| 3 |
Role.all.each do |r| |
|
| 4 |
r.add_permission!(:view_attachments) if r.has_permission?(:view_issues) |
|
| 5 |
r.add_permission!(:edit_attachments) if r.has_permission?(:edit_issues) |
|
| 6 |
r.add_permission!(:delete_attachments) if r.has_permission?(:edit_issues) |
|
| 7 |
end |
|
| 8 |
end |
|
| 9 | ||
| 10 |
def self.down |
|
| 11 |
Role.all.each do |r| |
|
| 12 |
r.remove_permission!(:view_attachments) |
|
| 13 |
r.remove_permission!(:edit_attachments) |
|
| 14 |
r.remove_permission!(:delete_attachments) |
|
| 15 |
end |
|
| 16 |
end |
|
| 17 |
end |
|
| lib/plugins/acts_as_searchable/lib/acts_as_searchable.rb | ||
|---|---|---|
| 134 | 134 |
r |= fetch_ranks_and_ids( |
| 135 | 135 |
search_scope(user, projects, options). |
| 136 | 136 |
joins(:attachments). |
| 137 |
where("#{Project.allowed_to_condition(user, :view_attachments)}", false).
|
|
| 137 | 138 |
where(search_tokens_condition(["#{Attachment.table_name}.filename", "#{Attachment.table_name}.description"], tokens, options[:all_words])),
|
| 138 | 139 |
options[:limit] |
| 139 | 140 |
) |
| lib/redmine.rb | ||
|---|---|---|
| 99 | 99 |
:queries => :index, |
| 100 | 100 |
:reports => [:issue_report, :issue_report_details]}, |
| 101 | 101 |
:read => true |
| 102 |
map.permission :add_issues, {:issues => [:new, :create], :attachments => :upload}
|
|
| 103 |
map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
|
|
| 104 |
map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update], :attachments => :upload}
|
|
| 102 |
map.permission :add_issues, {:issues => [:new, :create]}
|
|
| 103 |
map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new]}
|
|
| 104 |
map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update]}
|
|
| 105 | 105 |
map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
|
| 106 | 106 |
map.permission :manage_subtasks, {}
|
| 107 | 107 |
map.permission :set_issues_private, {}
|
| 108 | 108 |
map.permission :set_own_issues_private, {}, :require => :loggedin
|
| 109 |
map.permission :add_issue_notes, {:issues => [:edit, :update], :journals => [:new], :attachments => :upload}
|
|
| 109 |
map.permission :add_issue_notes, {:issues => [:edit, :update], :journals => [:new]}
|
|
| 110 | 110 |
map.permission :edit_issue_notes, {:journals => [:edit, :update]}, :require => :loggedin
|
| 111 | 111 |
map.permission :edit_own_issue_notes, {:journals => [:edit, :update]}, :require => :loggedin
|
| 112 | 112 |
map.permission :view_private_notes, {}, :read => true, :require => :member
|
| 113 | 113 |
map.permission :set_notes_private, {}, :require => :member
|
| 114 | 114 |
map.permission :delete_issues, {:issues => :destroy}, :require => :member
|
| 115 |
# Attachments |
|
| 116 |
map.permission :view_attachments, {}, :require => :member
|
|
| 117 |
map.permission :edit_attachments, {:attachments => :upload}, :require => :member
|
|
| 118 |
map.permission :delete_attachments, {:attachments => :destroy}, :require => :member
|
|
| 115 | 119 |
# Watchers |
| 116 | 120 |
map.permission :view_issue_watchers, {}, :read => true
|
| 117 | 121 |
map.permission :add_issue_watchers, {:watchers => [:new, :create, :append, :autocomplete_for_user]}
|
| lib/redmine/export/pdf/issues_pdf_helper.rb | ||
|---|---|---|
| 235 | 235 |
end |
| 236 | 236 |
end |
| 237 | 237 |
|
| 238 |
if issue.attachments.any? |
|
| 238 |
if issue.attachments.any? && User.current.allowed_to?(:view_attachments, @project)
|
|
| 239 | 239 |
pdf.SetFontStyle('B',9)
|
| 240 | 240 |
pdf.RDMCell(190,5, l(:label_attachment_plural), "B") |
| 241 | 241 |
pdf.ln |
