4687-v2.patch - Redmine

       menu_item :projects, :only => [:index, :new, :copy, :create]
       before_action :find_project,
                     :except => [:index, :autocomplete, :list, :new, :create, :copy]
                     :except => [:index, :autocomplete, :list, :new, :create]
       before_action :authorize,
                     :except => [:index, :autocomplete, :list, :new, :create, :copy,
                     :except => [:index, :autocomplete, :list, :new, :create,
                                 :archive, :unarchive]
       before_action :authorize_global, :only => [:new, :create]
       before_action :require_admin, :only => [:copy, :archive, :unarchive]
       before_action :require_admin, :only => [:archive, :unarchive]
       accept_rss_auth :index
       accept_api_auth :index, :show, :create, :update, :destroy
       require_sudo_mode :destroy
-...
       end
       def copy
         @project = nil # Reset because source project was set in @project for authorize.
         @issue_custom_fields = IssueCustomField.sorted.to_a
         @trackers = Tracker.sorted.to_a
         @source_project = Project.find(params[:id])

       <% if User.current.allowed_to?(:add_subprojects, @project) %>
         <%= link_to l(:label_subproject_new), new_project_path(:parent_id => @project), :class => 'icon icon-add' %>
       <% end %>
       <% if User.current.allowed_to?(:copy_project, @project) %>
         <%= link_to(l(:button_copy), copy_project_path(@project), :class => 'icon icon-copy') %>
       <% end %>
       <% if User.current.allowed_to?(:close_project, @project) %>
         <% if @project.active? %>
           <%= link_to l(:button_close), close_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-lock' %>

lib/redmine.rb
90	90	map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member
91	91	map.permission :manage_versions, {:projects => :settings, :versions => [:new, :create, :edit, :update, :close_completed, :destroy]}, :require => :member
92	92	map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
	93	map.permission :copy_project, {:projects => [:copy]}, :require => :member
93	94	# Queries
94	95	map.permission :manage_public_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :member
95	96	map.permission :save_queries, {:queries => [:new, :create, :edit, :update, :destroy]}, :require => :loggedin

         end
       end
       def test_get_copy
       def test_get_copy_by_admin_user
         @request.session[:user_id] = 1 # admin
         orig = Project.find(1) # Login user is no member
         get(:copy, :params => {:id => orig.id})
         assert_response :success
         assert_select 'textarea[name=?]', 'project[description]', :text => orig.description
         assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1
       end
       def test_get_copy_by_non_admin_user_with_copy_project_permission
         @request.session[:user_id] = 3
         Role.find(2).add_permission! :copy_project
         orig = Project.find(1)
         get(:copy, :params => {:id => orig.id})
         assert_response :success
-...
         assert_select 'input[name=?][value=?]', 'project[enabled_module_names][]', 'issue_tracking', 1
       end
       def test_get_copy_by_non_admin_user_without_copy_project_permission_should_respond_with_403
         @request.session[:user_id] = 3
         Role.find(2).remove_permission! :copy_project
         orig = Project.find(1)
         get(:copy, :params => {:id => orig.id})
         assert_response 403
       end
       def test_get_copy_with_invalid_source_should_respond_with_404
         @request.session[:user_id] = 1
         get(:copy, :params => {:id => 99})

Redmine