Adds tests for issue attachment edit by user without edit issue permission on tracker...

git-svn-id: http://svn.redmine.org/redmine/trunk@21141 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/test/functional/attachments_controller_test.rb b/test/functional/attachments_controller_test.rb
index f9f89ffd954800d8cddf636a12681419e04a24f6..e7f6d3a2f542556d9c478153d75851f59eccb20e 100644 (file)
--- a/test/functional/attachments_controller_test.rb
+++ b/test/functional/attachments_controller_test.rb
@@ -524,6 +524,23 @@ class AttachmentsControllerTest < Redmine::ControllerTest
     assert_response 403
   end
 
+  def test_edit_all_issue_attachment_by_user_without_edit_issue_permission_on_tracker_should_return_404
+    role = Role.find(2)
+    role.set_permission_trackers 'edit_issues', [2, 3]
+    role.save!
+
+    @request.session[:user_id] = 2
+
+    get(
+      :edit_all,
+      :params => {
+        :object_type => 'issues',
+        :object_id => '4'
+      }
+    )
+    assert_response 404
+  end
+
   def test_update_all
     @request.session[:user_id] = 2
     patch(

diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 9e77fed121b1aa272127f4bcd945aaf55a67b3dd..e860486876847f9fc004c00f4a3c1c670c3498ee 100644 (file)
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -3157,6 +3157,19 @@ class IssuesControllerTest < Redmine::ControllerTest
     assert_select 'span.badge.badge-private', text: 'Private'
   end
 
+  def test_show_should_not_display_edit_attachment_icon_for_user_without_edit_issue_permission_on_tracker
+      role = Role.find(2)
+      role.set_permission_trackers 'edit_issues', [2, 3]
+      role.save!
+
+      @request.session[:user_id] = 2
+
+      get :show, params: {id: 4}
+
+      assert_response :success
+      assert_select 'div.attachments .icon-edit',  0
+  end
+
   def test_get_new
     @request.session[:user_id] = 2
     get(