# Returns true if user or current user is allowed to edit the issue
def attributes_editable?(user=User.current)
- user_tracker_permission?(user, :edit_issues)
+ user_tracker_permission?(user, :edit_issues) || (
+ user_tracker_permission?(user, :edit_own_issues) && author == user
+ )
end
# Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_editable?
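Review bot: The new `author == user` branch in `attributes_editable?` does not exclude the anonymous user, and in Redmine every unauthenticated visitor is represented by the same anonymous user record. If the Anonymous role is ever given `edit_own_issues`, any visitor would count as the author of every anonymously submitted issue. Guard the ownership branch with a login check, e.g. `user_tracker_permission?(user, :edit_own_issues) && user.logged? && author == user`, and consider declaring the permission with `:require => :loggedin` on the `map.permission :edit_own_issues` line. The test added in this commit covers only a logged-in author and a logged-in non-author, so an anonymous-author case would be worth adding.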
permission_view_issues: View Issues
permission_add_issues: Add issues
permission_edit_issues: Edit issues
+ permission_edit_own_issues: Edit own issues
permission_copy_issues: Copy issues
permission_manage_issue_relations: Manage issue relations
permission_set_issues_private: Set issues public or private
:read => true
map.permission :add_issues, {:issues => [:new, :create], :attachments => :upload}
map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
+ map.permission :edit_own_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update], :attachments => :upload}
map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
map.permission :manage_subtasks, {}
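Review bot: The `:edit_own_issues` declaration grants the same controller actions as `:edit_issues` (`edit`, `update`, `bulk_edit`, `bulk_update`, `journals#new`), so the action-level authorization passes for every issue in the project and the author restriction rests only on the model predicate `attributes_editable?`. Any path that does not consult that predicate per issue would treat this permission as full edit rights; the bulk actions and `journals#new` are the ones to verify, though their code is not visible here. I would add a comment above the line stating the dependency, such as `# Ownership is enforced in Issue#attributes_editable?, not by this action map`. Functional tests should also show that a non-author holding only this permission is refused on `update` and `bulk_update`.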
assert_equal false, issue.deletable?(user)
end
+ def test_issue_should_editable_by_author
+ Role.all.each do |r|
+ r.remove_permission! :edit_issues
+ r.add_permission! :edit_own_issues
+ end
+
+ issue = Issue.find(1)
+ user = User.find_by_login('jsmith')
+
+ # author
+ assert_equal user, issue.author
+ assert_equal true, issue.attributes_editable?(user)
+
+ # not author
+ assert_equal false, issue.attributes_editable?(User.find_by_login('dlopper'))
+ end
+
def test_errors_full_messages_should_include_custom_fields_errors
field = IssueCustomField.find_by_name('Database')