Merged r23178 from trunk to 5.0-stable (#41465).

git-svn-id: https://svn.redmine.org/redmine/branches/5.0-stable@23180 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/models/issue_import.rb b/app/models/issue_import.rb
index d7e0919d3749cee3cbb5ef8447c0647cad776519..57305e38f681c811ead1ca2dfb0f02c2eb2fb30c 100644 (file)
--- a/app/models/issue_import.rb
+++ b/app/models/issue_import.rb
@@ -50,7 +50,7 @@ class IssueImport < Import
   end
 
   def self.authorized?(user)
-    user.allowed_to?(:import_issues, nil, :global => true)
+    user.allowed_to?(:import_issues, nil, :global => true) && user.allowed_to?(:add_issues, nil, :global => true)
   end
 
   # Returns the objects that were imported

diff --git a/app/models/time_entry_import.rb b/app/models/time_entry_import.rb
index 572a0c356a6cfe1615e7050e79145a0aae90d753..cf9d9d4f4d63a989792f0141d6c8a85c444746c4 100644 (file)
--- a/app/models/time_entry_import.rb
+++ b/app/models/time_entry_import.rb
@@ -32,7 +32,7 @@ class TimeEntryImport < Import
   end
 
   def self.authorized?(user)
-    user.allowed_to?(:import_time_entries, nil, :global => true)
+    user.allowed_to?(:import_time_entries, nil, :global => true) && user.allowed_to?(:log_time, nil, :global => true)
   end
 
   # Returns the objects that were imported

diff --git a/app/views/issues/index.html.erb b/app/views/issues/index.html.erb
index 5a4d6b2c46c77fc1cca65f7dec5e99639058739c..45391548a4f4e8a6bcdc588ccf436d9882f4eb1d 100644 (file)
--- a/app/views/issues/index.html.erb
+++ b/app/views/issues/index.html.erb
@@ -7,7 +7,7 @@
       <%= link_to l(:field_summary), project_issues_report_path(@project), :class => 'icon icon-stats' %>
     <% end %>
 
-    <% if User.current.allowed_to?(:import_issues, @project, :global => true) %>
+    <% if User.current.allowed_to?(:import_issues, @project, :global => true) && User.current.allowed_to?(:add_issues, @project, :global => true) %>
       <%= link_to l(:button_import), new_issues_import_path(:project_id => @project), :class => 'icon icon-import' %>
     <% end %>
 

diff --git a/app/views/timelog/index.html.erb b/app/views/timelog/index.html.erb
index f6751ebc8c18aa70dc3794eed23a1c50e4daee11..b0b05703c472b4f7a0ebd1aae14adf3b40ef48b2 100644 (file)
--- a/app/views/timelog/index.html.erb
+++ b/app/views/timelog/index.html.erb
@@ -3,7 +3,7 @@
             _new_time_entry_path(@project, @query.filtered_issue_id),
             :class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project, :global => true) %>
 <%= actions_dropdown do %>
-  <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) %>
+  <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) && User.current.allowed_to?(:log_time, @project, :global => true) %>
     <%= link_to l(:button_import), new_time_entries_import_path(:project_id => @project), :class => 'icon icon-import' %>
   <% end %>
 

diff --git a/test/functional/imports_controller_test.rb b/test/functional/imports_controller_test.rb
index c6fb6d7725e1dbf2775a849ade483f3437f9bf2b..fd7e913902319bcd4e7abe406ab9b3328ae0c731 100644 (file)
--- a/test/functional/imports_controller_test.rb
+++ b/test/functional/imports_controller_test.rb
@@ -52,6 +52,18 @@ class ImportsControllerTest < Redmine::ControllerTest
     assert_select 'input[name=?][type=?][value=?]', 'project_id', 'hidden', 'subproject1'
   end
 
+  def test_new_issue_import_without_add_issues_permission
+    Role.all.map { |role| role.remove_permission! :add_issues }
+    get(:new, :params => {:type => 'IssueImport', :project_id => 'subproject1'})
+    assert_response :forbidden
+  end
+
+  def test_new_time_entry_import_without_log_time_permission
+    Role.all.map { |role| role.remove_permission! :log_time }
+    get(:new, :params => {:type => 'TimeEntryImport', :project_id => 'subproject1'})
+    assert_response :forbidden
+  end
+
   def test_create_should_save_the_file
     import = new_record(Import) do
       post(