0001-Allow-normal-users-to-delete-a-project.patch

Holger Just, 2020-09-01 17:08


app/controllers/projects_controller.rb
23 23
  menu_item :projects, :only => [:index, :new, :copy, :create]
24 24

  
25 25
  before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
26
  before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
26
  before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive]
27 27
  before_action :authorize_global, :only => [:new, :create]
28
  before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
28
  before_action :require_admin, :only => [ :copy, :archive, :unarchive ]
29 29
  accept_rss_auth :index
30 30
  accept_api_auth :index, :show, :create, :update, :destroy
31 31
  require_sudo_mode :destroy
......
259 259

  
260 260
  # Delete @project
261 261
  def destroy
262
    unless @project.deletable?
263
      deny_access
264
      return
265
    end
266

  
262 267
    @project_to_destroy = @project
263 268
    if api_request? || params[:confirm]
264 269
      @project_to_destroy.destroy
265 270
      respond_to do |format|
266
        format.html { redirect_to admin_projects_path }
271
        format.html { redirect_to User.current.admin? ? admin_projects_path : projects_path }
267 272
        format.api  { render_api_ok }
268 273
      end
269 274
    end
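Review bot: With `:destroy` dropped from the `authorize` exception list, administrators now pass through `authorize` before `destroy` runs, where previously only `require_admin` gated them. If `authorize` rejects requests on archived projects regardless of role (not visible in this hunk), admins would lose the ability to delete an archived project, so a functional test for that case is worth adding. The new tests, as far as they are visible, exercise a member who holds the permission; add one where a member without `:delete_project` and a non-member each get a 403 and `Project.count` is unchanged, since that is the access-control boundary this change moves. The body of `destroy` continues past the end of the hunk.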
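--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -709,6 +709,14 @@
     end
   end
 
+  def deletable?(user = User.current)
+    if user.admin?
+      return true
+    else
+      user.allowed_to?(:delete_project, self) && leaf?
+    end
+  end
+
   # Return the enabled module with the given name
   # or nil if the module is not enabled for the project
   def enabled_module(name)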
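Review bot: `deletable?` carries no comment explaining why a non-admin additionally needs `leaf?`. Destroying a project presumably removes its descendants as well, so the rule keeps a member from deleting subprojects they may hold no permission on; state that above the method, e.g. `# Admins may always delete; other users need :delete_project and the project must have no subprojects`. The `if` / `return true` / `else` shape can be a single expression with the same result: `user.admin? || (user.allowed_to?(:delete_project, self) && leaf?)`.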
app/views/projects/destroy.html.erb
19 19

  
20 20
<p>
21 21
  <%= submit_tag l(:button_delete) %>
22
  <%= link_to l(:button_cancel), :controller => 'admin', :action => 'projects' %>
22
  <%= link_to l(:button_cancel), User.current.admin? ? admin_projects_path : projects_path %>
23 23
</p>
24 24
<% end %>
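Review bot: The cancel target `User.current.admin? ? admin_projects_path : projects_path` repeats the redirect expression in `ProjectsController#destroy`; a small shared helper would keep the two from drifting apart. For a non-admin who arrived from the project overview, `project_path(@project)` may be the less surprising destination when cancelling.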
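--- a/app/views/projects/show.html.erb
+++ b/app/views/projects/show.html.erb
@@ -12,6 +12,9 @@
       <%= link_to l(:button_reopen), reopen_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-unlock' %>
     <% end %>
   <% end %>
+  <% if @project.deletable? %>
+    <%= link_to l(:button_delete), project_path(@project), :method => :delete, :class => 'icon icon-del' %>
+  <% end %>
   <%= link_to_if_authorized l(:label_settings),
               {:controller => 'projects', :action => 'settings', :id => @project},
               :class => 'icon icon-settings' if User.current.allowed_to?(:edit_project, @project) %>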
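--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -917,6 +917,7 @@
   permission_delete_issues: Tickets löschen
   permission_delete_messages: Forenbeiträge löschen
   permission_delete_own_messages: Eigene Forenbeiträge löschen
+  permission_delete_project: Projekt löschen
   permission_delete_wiki_pages: Wiki-Seiten löschen
   permission_delete_wiki_pages_attachments: Anhänge löschen
   permission_delete_documents: Dokumente löschen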
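--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -500,6 +500,7 @@
   permission_add_subprojects: Create subprojects
   permission_edit_project: Edit project
   permission_close_project: Close / reopen the project
+  permission_delete_project: Delete the project
   permission_select_project_modules: Select project modules
   permission_manage_members: Manage members
   permission_manage_project_activities: Manage project activities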
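--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -84,6 +84,7 @@
   map.permission :add_project, {:projects => [:new, :create]}, :require => :loggedin
   map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member
   map.permission :close_project, {:projects => [:close, :reopen]}, :require => :member, :read => true
+  map.permission :delete_project, {:projects => :destroy}, :require => :member
   map.permission :select_project_modules, {:projects => :modules}, :require => :member
   map.permission :view_members, {:members => [:index, :show]}, :public => true, :read => true
   map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member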
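Review bot: `:delete_project` is declared with `:require => :member` only, while `:close_project` on the line above also carries `:read => true`. If read-only (closed) projects admit only `:read` permissions, as that flag suggests, a member could not delete a closed project without reopening it first. That is the conservative choice for a destructive action, but nothing in the change says it is intended; a short comment on the declaration and a functional test for the closed-project case would pin the behaviour down.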
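--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -10,6 +10,7 @@
     - :add_project
     - :edit_project
     - :close_project
+    - :delete_project
     - :select_project_modules
     - :manage_members
     - :manage_versions
@@ -77,6 +78,7 @@
   permissions: |
     ---
     - :edit_project
+    - :delete_project
     - :manage_members
     - :manage_versions
     - :manage_categories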
test/functional/projects_controller_test.rb
1059 1059
    assert_nil Project.find_by_id(1)
1060 1060
  end
1061 1061

  
1062
  def test_destroy_with_normal_user_should_destroy
1063
    set_tmp_attachments_directory
1064
    @request.session[:user_id] = 2 # non-admin
1065

  
1066
    assert_difference 'Project.count', -1 do
1067
      delete(
1068
        :destroy,
1069
        :params => {
1070
          :id => 2,
1071
          :confirm => 1
1072
        }
1073
      )
1074
      assert_redirected_to '/projects'
1075
    end
1076
    assert_nil Project.find_by_id(2)
1077
  end
1078

  
1079
  def test_destroy_with_normal_user_should_not_destroy_with_subprojects
1080
    set_tmp_attachments_directory
1081
    @request.session[:user_id] = 2 # non-admin
1082

  
1083
    assert_difference 'Project.count', 0 do
1084
      delete(
1085
        :destroy,
1086
        :params => {
1087
          :id => 1,
1088
          :confirm => 1
1089
        }
1090
      )
1091
      assert_response 403
1092
    end
1093
    assert Project.find(1)
1094
  end
1095

  
1062 1096
  def test_archive
1063 1097
    @request.session[:user_id] = 1 # admin
1064 1098
    post(:archive, :params => {:id => 1})
1065
-