From 6346fe26213517cfa882338bd5a0a3fe3af26ee2 Mon Sep 17 00:00:00 2001 From: Kevin Fischer Date: Sat, 13 Feb 2021 07:05:38 +0000 Subject: Patch for public-project-permission-9029 --- app/models/project.rb | 7 +++- app/views/projects/_form.html.erb | 11 ++++- config/locales/de.yml | 1 + config/locales/en.yml | 1 + config/locales/ja.yml | 1 + ...13065920_add_publish_project_permission.rb | 7 ++++ lib/redmine.rb | 1 + test/fixtures/roles.yml | 3 ++ test/functional/projects_controller_test.rb | 40 +++++++++++++++++++ 9 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 db/migrate/20210213065920_add_publish_project_permission.rb diff --git a/app/models/project.rb b/app/models/project.rb index a3db05f94..9c0dbd75a 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -824,7 +824,6 @@ class Project < ActiveRecord::Base 'name', 'description', 'homepage', - 'is_public', 'identifier', 'custom_field_values', 'custom_fields', @@ -850,6 +849,12 @@ class Project < ActiveRecord::Base end ) + safe_attributes( + 'is_public', + :if => lambda do |project, user| + user.allowed_to?(:publish_project, project) + end) + safe_attributes( 'inherit_members', :if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)}) diff --git a/app/views/projects/_form.html.erb b/app/views/projects/_form.html.erb index 7c988fb0e..6e0aac67e 100644 --- a/app/views/projects/_form.html.erb +++ b/app/views/projects/_form.html.erb @@ -11,8 +11,15 @@ <% end %>
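Review bot: The new `:if` lambda for `'is_public'` in the second app/models/project.rb hunk calls `user.allowed_to?(:publish_project, project)` without treating an unsaved project differently, so the same check runs on the create path, where the user is not yet a member of the project being built. If that resolves against the user's non-member role (to be confirmed in `User#allowed_to?`), a non-admin creator can no longer choose visibility and every new project takes whatever default visibility the instance is configured with. Consider branching on `project.new_record?` and checking globally there, e.g. `project.new_record? ? user.allowed_to?(:publish_project, nil, :global => true) : user.allowed_to?(:publish_project, project)`. The guard also stops such a user from turning a public project private; if only publishing is meant to be restricted, a comment above the block should say which direction is intended. Both hunks show only part of the `Project` class body.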

<%= f.text_field :homepage, :size => 60 %>

- <%= f.check_box :is_public %>
- <%= Setting.login_required? ? l(:text_project_is_public_non_member) : l(:text_project_is_public_anonymous) %>
+ <% if @project.safe_attribute? 'is_public' %>
+ <%= f.check_box :is_public, disabled: !(@project.is_public? || User.current.allowed_to?(:publish_project, @project)) %>
+ <%= Setting.login_required? ? l(:text_project_is_public_non_member) : l(:text_project_is_public_anonymous) %>
+ <% else %>
+ <%= f.label_for_field(:is_public) %>
+
+ <%= @project.is_public ? l(:general_text_Yes) : l(:general_text_No) %>
+
+ <% end %>

<% unless @project.allowed_parents.compact.empty? %> diff --git a/config/locales/de.yml b/config/locales/de.yml index 62e3f74e9..7e12c5e86 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -948,6 +948,7 @@ de: permission_manage_versions: Versionen verwalten permission_manage_wiki: Wiki verwalten permission_protect_wiki_pages: Wiki-Seiten schützen + permission_publish_project: Projekt als öffentlich markieren permission_rename_wiki_pages: Wiki-Seiten umbenennen permission_save_queries: Filter speichern permission_select_project_modules: Projektmodule auswählen diff --git a/config/locales/en.yml b/config/locales/en.yml index 00f246f33..df3c8c82b 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -509,6 +509,7 @@ en: permission_add_project: Create project permission_add_subprojects: Create subprojects permission_edit_project: Edit project + permission_publish_project: Publish project permission_close_project: Close / reopen the project permission_delete_project: Delete the project permission_select_project_modules: Select project modules diff --git a/config/locales/ja.yml b/config/locales/ja.yml index 950ba4027..8f75c2935 100644 --- a/config/locales/ja.yml +++ b/config/locales/ja.yml @@ -406,6 +406,7 @@ ja: permission_add_project: プロジェクトの追加 permission_add_subprojects: サブプロジェクトの追加 permission_edit_project: プロジェクトの編集 + permission_publish_project: プロジェクトの公開 permission_select_project_modules: モジュールの選択 permission_manage_members: メンバーの管理 permission_manage_versions: バージョンの管理 diff --git a/db/migrate/20210213065920_add_publish_project_permission.rb b/db/migrate/20210213065920_add_publish_project_permission.rb new file mode 100644 index 000000000..afa5602d8 --- /dev/null +++ b/db/migrate/20210213065920_add_publish_project_permission.rb 
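Review bot: The `disabled:` expression on the new check box can never be true where it sits, assuming `safe_attribute?` evaluates the model's `:if` lambda for the current user: the surrounding `if @project.safe_attribute? 'is_public'` branch is reached only when the `:publish_project` check has already passed. The `@project.is_public? ||` half suggests users without the permission were meant to keep the ability to make a public project private, but the model change in app/models/project.rb removes `is_public` from their safe attributes, so they land in the read-only branch instead. Either drop the option, `<%= f.check_box :is_public %>`, or align the model with the intended rule and cover un-publishing with a test. The form control is presentation only; the enforcement is the `safe_attributes` guard, so both should state the same rule.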
@@ -0,0 +1,7 @@
+class AddPublishProjectPermission < ActiveRecord::Migration[5.2]
+ def up
+ Role.all.each do |role|
+ role.add_permission! :publish_project if role.has_permission?(:add_project) || role.has_permission?(:edit_project)
+ end
+ end
+end
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 409da528a..9c2cbb84a 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -83,6 +83,7 @@ Redmine::AccessControl.map do |map|
 map.permission :search_project, {:search => :index}, :public => true, :read => true
 map.permission :add_project, {:projects => [:new, :create]}, :require => :loggedin
 map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member
+ map.permission :publish_project, {}
 map.permission :close_project, {:projects => [:close, :reopen]}, :require => :member, :read => true
 map.permission :delete_project, {:projects => :destroy}, :require => :member
 map.permission :select_project_modules, {:projects => :modules}, :require => :member
diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml
index 650511e2d..e1530605f 100644
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -9,6 +9,7 @@ roles_001:
 ---
 - :add_project
 - :edit_project
+ - :publish_project
 - :close_project
 - :delete_project
 - :select_project_modules
@@ -78,6 +79,7 @@ roles_002:
 permissions: |
 ---
 - :edit_project
+ - :publish_project
 - :delete_project
 - :manage_members
 - :manage_versions
@@ -129,6 +131,7 @@ roles_003:
 permissions: |
 ---
 - :edit_project
+ - :publish_project
 - :manage_members
 - :manage_versions
 - :manage_categories
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 89945de75..25d5b46f7 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
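Review bot: The migration defines only `up`, so rolling it back leaves `:publish_project` in every role it touched; add a `down` that removes it, e.g. `Role.all.each { |role| role.remove_permission! :publish_project }` (assuming `Role` offers that counterpart to `add_permission!`). The `up` loop also walks every role, built-in ones included if `Role.all` returns them, so a non-member or anonymous role that already holds `:add_project` or `:edit_project` gains the right to change project visibility. That preserves pre-upgrade behaviour, but a short comment saying so would help administrators who expect a new permission to start out ungranted and need to know which roles to review afterwards.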
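Review bot: `map.permission :publish_project, {}` is declared without `:require => :member`, unlike the neighbouring `:edit_project`, `:close_project` and `:delete_project` entries, so it can presumably be granted to the non-member and anonymous roles in the role editor. Because it only takes effect together with access to the update action the exposure looks small, but a permission that decides whether a project becomes visible to outsiders is better held to the tighter constraint: `map.permission :publish_project, {}, :require => :member`. If project creators who are not yet members must be able to set visibility, `:require => :loggedin`, as on `:add_project`, is the looser alternative. The `map` block continues outside the hunk.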
@@ -1365,4 +1365,44 @@ class ProjectsControllerTest < Redmine::ControllerTest
 assert_select 'a[href=?]', '/projects/ecookbook/search?scope=subprojects'
 end
 end
+
+ def test_user_without_publish_project_permission_cannot_publish
+ project = Project.generate!(is_public: false)
+ user = User.generate!
+ User.add_to_project(user, project, Role.generate!(:permissions => [:edit_project])) # No Publish Project permission
+
+ @request.session[:user_id] = user.id
+ post(
+ :update,
+ params: {id: project.id, project: {is_public: true}}
+ )
+
+ assert_response 302
+ assert_equal project.reload.is_public?, false
+ end
+
+ def test_without_publish_project_permission_publish_there_is_no_checkbox
+ project = Project.generate!(is_public: false)
+ user = User.generate!
+ User.add_to_project(user, project, Role.generate!(:permissions => [:edit_project])) # No Publish Project permission
+
+ @request.session[:user_id] = user.id
+ get(
+ :settings,
+ params: {id: project.id}
+ )
+
+ assert_select '#project_is_public', :text => 'No'
+
+ # Test Yes
+ project.update(is_public: true)
+
+ @request.session[:user_id] = user.id
+ get(
+ :settings,
+ params: {id: project.id}
+ )
+
+ assert_select '#project_is_public', :text => 'Yes'
+ end
 end
-- 2.30.0
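Review bot: The added tests cover only the denial path for a member holding `:edit_project`; nothing asserts that a role with `:publish_project` can still change `is_public`, whether a user without it can turn a public project private, or what `create` does with a submitted `is_public`. Those are the cases where the new guard in `Project` could regress unnoticed in either direction. Separately, `assert_equal project.reload.is_public?, false` passes the actual value first; Minitest expects `assert_equal false, project.reload.is_public?`, otherwise a failure message reports expected and actual swapped. The second `@request.session[:user_id] = user.id` in `test_without_publish_project_permission_publish_there_is_no_checkbox` repeats the earlier assignment and can be dropped.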