Fixes behaviour of move_issues permission for non member role (#5309).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 18 Apr 2010 12:47:41 +0000 (12:47 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 18 Apr 2010 12:47:41 +0000 (12:47 +0000)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3683 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/issues_controller.rb
app/models/issue.rb
test/unit/issue_test.rb

index 1a2f96d5646eaba1549dae7ebd16552e9b8aa796..1d13afa0ef96660340202c7bf38f0107a840bd77 100644 (file)
@@ -267,14 +267,7 @@ class IssuesController < ApplicationController
   def move
     @issues.sort!
     @copy = params[:copy_options] && params[:copy_options][:copy]
-    @allowed_projects = []
-    # find projects to which the user is allowed to move the issue
-    if User.current.admin?
-      # admin is allowed to move issues to any active (visible) project
-      @allowed_projects = Project.find(:all, :conditions => Project.visible_by(User.current))
-    else
-      User.current.memberships.each {|m| @allowed_projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
-    end
+    @allowed_projects = Issue.allowed_target_projects_on_move
     @target_project = @allowed_projects.detect {|p| p.id.to_s == params[:new_project_id]} if params[:new_project_id]
     @target_project ||= @project    
     @trackers = @target_project.trackers
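Review bot: A `new_project_id` that is not in `@allowed_projects` makes `detect` return nil, and `@target_project ||= @project` then silently substitutes the current project instead of refusing the request. That list is now the only gate on the move/copy target, so a submitted id outside it is better rejected explicitly. One option, placed before the `||=` line, is `return render_403 if params[:new_project_id] && @target_project.nil?`, assuming that helper is available in this controller. The body of `move` continues past the end of this hunk, so whether a later check already covers this is not visible here.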
index 263cae1329a5a746d5132eaeb12c73821deedf02..4fa072afdfcadb89bf4508add45eb7c2d888eee0 100644 (file)
@@ -600,6 +600,22 @@ class Issue < ActiveRecord::Base
   end
   # End ReportsController extraction
   
+  # Returns an array of projects that current user can move issues to
+  def self.allowed_target_projects_on_move
+    projects = []
+    if User.current.admin?
+      # admin is allowed to move issues to any active (visible) project
+      projects = Project.visible.all
+    elsif User.current.logged?
+      if Role.non_member.allowed_to?(:move_issues)
+        projects = Project.visible.all
+      else
+        User.current.memberships.each {|m| projects << m.project if m.roles.detect {|r| r.allowed_to?(:move_issues)}}
+      end
+    end
+    projects
+  end
+   
   private
   
   def update_nested_set_attributes
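Review bot: In `allowed_target_projects_on_move`, the `Role.non_member.allowed_to?(:move_issues)` branch returns every visible project, including projects where the user is a member under a role that lacks `:move_issues`. If a member's own roles are meant to take precedence over the non-member role for that project, this widens the target list beyond what the per-project permission check would allow. A per-project filter such as `projects = Project.visible.all.select {|p| User.current.allowed_to?(:move_issues, p)}` would cover members and non-members in one rule. The membership branch also appends `m.project` without the visible/active filter the other two branches apply, so it is worth confirming that archived projects cannot end up in the list.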
index de53125f5a66db8f9f6058aa37d0edc9b85805ab..e0eb479d96f66df74a9b5809e374cf69f60d1192 100644 (file)
@@ -667,6 +667,23 @@ class IssueTest < ActiveSupport::TestCase
     assert_equal 2, groups.size
     assert_equal 5, groups.inject(0) {|sum, group| sum + group['total'].to_i}
   end
+  
+  
+  context ".allowed_target_projects_on_move" do
+    should "return all active projects for admin users" do
+      User.current = User.find(1)
+      assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
+    end
+    
+    should "return allowed projects for non admin users" do
+      User.current = User.find(2)
+      Role.non_member.remove_permission! :move_issues
+      assert_equal 3, Issue.allowed_target_projects_on_move.size
+      
+      Role.non_member.add_permission! :move_issues
+      assert_equal Project.active.count, Issue.allowed_target_projects_on_move.size
+    end
+  end
 
   def test_recently_updated_with_limit_scopes
     #should return the last updated issue
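Review bot: The new context covers an admin and one logged-in member, but not the anonymous path that the `elsif User.current.logged?` guard introduces. A third `should` block with `User.current = User.anonymous` and `assert_equal [], Issue.allowed_target_projects_on_move` would pin that an unauthenticated user gets no targets. There is also no case for a member whose role lacks `:move_issues` while the non-member role has it, which is the boundary where the two permission sources disagree. The expected `3` depends on fixture memberships; a short comment naming which projects it counts would make a fixture change easier to diagnose.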