Feature #4687 » diff.patch
| app/controllers/projects_controller.rb | ||
|---|---|---|
| 22 | 22 |
menu_item :settings, :only => :settings |
| 23 | 23 |
menu_item :projects, :only => [:index, :new, :copy, :create] |
| 24 | 24 | |
| 25 |
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
|
|
| 26 |
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
|
|
| 25 |
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create ] |
|
| 26 |
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :archive, :unarchive, :destroy] |
|
| 27 | 27 |
before_action :authorize_global, :only => [:new, :create] |
| 28 |
before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
|
|
| 28 |
before_action :require_admin, :only => [ :archive, :unarchive, :destroy ] |
|
| 29 | 29 |
accept_rss_auth :index |
| 30 | 30 |
accept_api_auth :index, :show, :create, :update, :destroy |
| 31 | 31 |
require_sudo_mode :destroy |
| ... | ... | |
| 128 | 128 |
end |
| 129 | 129 | |
| 130 | 130 |
def copy |
| 131 |
@project = nil # Reset because source project was set in @project for authorize. |
|
| 131 | 132 |
@issue_custom_fields = IssueCustomField.sorted.to_a |
| 132 | 133 |
@trackers = Tracker.sorted.to_a |
| 133 | 134 |
@source_project = Project.find(params[:id]) |
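Review bot: Removing `:copy` from the `require_admin` list leaves `authorize` on the source project as the only gate on `copy`, and nothing in the visible lines checks that the user may create a project at all. The body of `copy` continues outside the hunk. If its POST branch still saves the new project, a member holding only `:copy_project` could create a top-level project without `:add_project`, and could duplicate members, issues or wiki content they cannot view in the source. I would add an explicit creation check at the top of `copy`, for example `return deny_access unless User.current.allowed_to?(:add_project, nil, :global => true)` (or the matching `:add_subprojects` check on the chosen parent), and limit the copied sections to what the user can read. The tests visible in this patch only exercise GET, so a non-admin POST test is missing as well.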
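--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
@@ -5,6 +5,9 @@
 <% if User.current.allowed_to?(:add_subprojects, @project) %>
 <%= link_to l(:label_subproject_new), new_project_path(:parent_id => @project), :class => 'icon icon-add' %>
 <% end %>
+<% if User.current.allowed_to?(:copy_project, @project) %>
+<%= link_to(l(:button_copy), copy_project_path(@project), :class => 'icon icon-copy') %>
+<% end %>
 <% if User.current.allowed_to?(:close_project, @project) %>
 <% if @project.active? %>
 <%= link_to l(:button_close), close_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-lock' %>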
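--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -88,6 +88,7 @@
 map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member
 map.permission :manage_versions, {:projects => :settings, :versions => [:new, :create, :edit, :update, :close_completed, :destroy]}, :require => :member
 map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
+map.permission :copy_project, {:projects => [:copy]}, :require => :member
 # Queries
 map.permission :manage_public_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :member
 map.permission :save_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :loggedin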
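Review bot: `:copy_project` is declared as a plain write permission (no `:read => true`), and the controller change in this patch routes `copy` through `authorize` for every user, administrators included. If `authorize` applies the usual rule that write permissions are refused on closed or archived projects, administrators presumably lose the ability to copy such projects, which the previous `require_admin`-only gate allowed. Either confirm this is intended and cover it with a test, or document it at the declaration with a comment such as `# copy is refused on closed/archived source projects, also for admins`. The single `copy` action mapped here appears to serve both the form and the creation request, so this one permission is all that separates a member from creating a project.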
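--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -11,6 +11,7 @@
 - :edit_project
 - :close_project
 - :select_project_modules
+- :copy_project
 - :manage_members
 - :manage_versions
 - :manage_categories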
| test/functional/projects_controller_test.rb | ||
|---|---|---|
| 1087 | 1087 |
end |
| 1088 | 1088 |
end |
| 1089 | 1089 | |
| 1090 |
def test_get_copy |
|
| 1090 |
def test_get_copy_by_admin_user
|
|
| 1091 | 1091 |
@request.session[:user_id] = 1 # admin |
| 1092 |
orig = Project.find(1) # Login user is no member |
|
| 1093 |
get(:copy, :params => {:id => orig.id})
|
|
| 1094 |
assert_response :success |
|
| 1095 | ||
| 1096 |
assert_select 'textarea[name=?]', 'project[description]', :text => orig.description |
|
| 1097 |
assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1 |
|
| 1098 |
end |
|
| 1099 | ||
| 1100 |
def test_get_copy_by_non_admin_user_with_copy_project_permission |
|
| 1101 |
@request.session[:user_id] = 3 |
|
| 1102 |
Role.find(2).add_permission! :copy_project |
|
| 1092 | 1103 |
orig = Project.find(1) |
| 1093 | 1104 |
get(:copy, :params => {:id => orig.id})
|
| 1094 | 1105 |
assert_response :success |
| ... | ... | |
| 1097 | 1108 |
assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1 |
| 1098 | 1109 |
end |
| 1099 | 1110 | |
| 1111 |
def test_get_copy_by_non_admin_user_without_copy_project_permission_should_respond_with_403 |
|
| 1112 |
@request.session[:user_id] = 3 |
|
| 1113 |
Role.find(2).remove_permission! :copy_project |
|
| 1114 |
orig = Project.find(1) |
|
| 1115 |
get(:copy, :params => {:id => orig.id})
|
|
| 1116 |
assert_response 403 |
|
| 1117 |
end |
|
| 1118 | ||
| 1100 | 1119 |
def test_get_copy_with_invalid_source_should_respond_with_404 |
| 1101 | 1120 |
@request.session[:user_id] = 1 |
| 1102 | 1121 |
get(:copy, :params => {:id => 99})
|