0002-Fixed-attachments-deletable-by-user-without-edit-per.patch - Redmine

Defect #35634 » 0002-Fixed-attachments-deletable-by-user-without-edit-per.patch

Marius BĂLTEANU, 2021-08-01 13:32

         user_tracker_permission?(user, :delete_issues)
       end
       # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_deletable?
       def attachments_deletable?(user=User.current)
         attributes_editable?(user)
       end
       def initialize(attributes=nil, *args)
         super
         if new_record?

         assert_response 302
         assert Attachment.find_by_id(3)
       end
       def test_destroy_issue_attachment_by_user_without_edit_issue_permission_on_tracker
         role = Role.find(2)
         role.set_permission_trackers 'edit_issues', [2, 3]
         role.save!
         @request.session[:user_id] = 2
         set_tmp_attachments_directory
         assert_no_difference 'Attachment.count' do
           delete(
             :destroy,
             :params => {
               :id => 7
+            }
+          )
         end
         assert_response 403
         assert Attachment.find_by_id(7)
       end
     end

           assert_select 'div.attachments .icon-edit',  0
       end
       def test_show_should_not_display_delete_attachment_icon_for_user_without_edit_issue_permission_on_tracker
         role = Role.find(2)
         role.set_permission_trackers 'edit_issues', [2, 3]
         role.save!
         @request.session[:user_id] = 2
         get :show, params: {id: 4}
         assert_response :success
         assert_select 'div.attachments .icon-del', 0
       end
       def test_get_new
         @request.session[:user_id] = 2
         get(

(1-1/2)