def self.allowed_to_condition(user, permission, options={})
statements = []
base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}"
+ if perm = Redmine::AccessControl.permission(permission)
+ unless perm.project_module.nil?
+ # If the permission belongs to a project module, make sure the module is enabled
+ base_statement << " AND EXISTS (SELECT em.id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}' AND em.project_id=#{Project.table_name}.id)"
+ end
+ end
if options[:project]
project_statement = "#{Project.table_name}.id = #{options[:project].id}"
project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects]
@permissions
end
+ # Returns the permission of given name or nil if it wasn't found
+ # Argument should be a symbol
+ def permission(name)
+ permissions.detect {|p| p.name == name}
+ end
+
+ # Returns the actions that are allowed by the permission of given name
def allowed_actions(permission_name)
- perm = @permissions.detect {|p| p.name == permission_name}
+ perm = permission(permission_name)
perm ? perm.actions : []
end
@actions << "#{controller}/#{actions}"
end
end
+ @actions.flatten!
end
def public?
assert_no_tag :tag => 'a', :content => /Issue of a private subproject/
assert_no_tag :tag => 'a', :content => /Issue on project 2/
end
+
+ def test_index_should_not_list_issues_when_module_disabled
+ EnabledModule.delete_all("name = 'issue_tracking' AND project_id = 1")
+ get :index
+ assert_response :success
+ assert_template 'index.rhtml'
+ assert_not_nil assigns(:issues)
+ assert_nil assigns(:project)
+ assert_no_tag :tag => 'a', :content => /Can't print recipes/
+ assert_tag :tag => 'a', :content => /Subproject issue/
+ end
def test_index_with_project
Setting.display_subprojects_issues = 0
--- /dev/null
+# Redmine - project management software
+# Copyright (C) 2006-2008 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.dirname(__FILE__) + '/../../../test_helper'
+
+class Redmine::AccessControlTest < Test::Unit::TestCase
+
+ def setup
+ @access_module = Redmine::AccessControl
+ end
+
+ def test_permissions
+ perms = @access_module.permissions
+ assert perms.is_a?(Array)
+ assert perms.first.is_a?(Redmine::AccessControl::Permission)
+ end
+
+ def test_module_permission
+ perm = @access_module.permission(:view_issues)
+ assert perm.is_a?(Redmine::AccessControl::Permission)
+ assert_equal :view_issues, perm.name
+ assert_equal :issue_tracking, perm.project_module
+ assert perm.actions.is_a?(Array)
+ assert perm.actions.include?('issues/index')
+ end
+
+ def test_no_module_permission
+ perm = @access_module.permission(:edit_project)
+ assert perm.is_a?(Redmine::AccessControl::Permission)
+ assert_equal :edit_project, perm.name
+ assert_nil perm.project_module
+ assert perm.actions.is_a?(Array)
+ assert perm.actions.include?('projects/settings')
+ end
+end
projects / redmine.git / commitdiff