unless handler_options[:no_permission_check]
unless user.allowed_to?(:add_issue_notes, issue.project) ||
user.allowed_to?(:edit_issues, issue.project)
- raise UnauthorizedAction, "not allowed to add notes on issues to project [#{project.name}]"
+ raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]"
end
end
end
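Review bot: The denial text on the new `raise` line names the project through `issue.project.name`, and the sender at this point is someone without note or edit rights on that project, possibly without view rights either. Nothing in this hunk shows where the `UnauthorizedAction` message ends up, so confirm it only reaches the server log and is never echoed back in a bounce or reply mail. The same applies to `message.project.name` in the `:add_messages` raise further down. A short comment above the raise would record the intent, e.g. `# message is for the server log only; never return it to the sender`. The enclosing method starts and ends outside the hunk.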
unless handler_options[:no_permission_check]
- raise UnauthorizedAction, "not allowed to add messages to project [#{project.name}]" unless user.allowed_to?(:add_messages, message.project)
+ raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]" unless user.allowed_to?(:add_messages, message.project)
end
if !message.locked?
end
end
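Review bot: The `:add_messages` authorization check sits in a trailing `unless` at the far end of a very long `raise` line, so the condition that decides whether the reply is accepted is easy to miss when reading. The issue-reply check earlier on the page uses the block form, and writing this one the same way keeps the two checks parallel: `unless user.allowed_to?(:add_messages, message.project)`, then `raise UnauthorizedAction, "not allowed to add messages to project [#{message.project.name}]"`, then `end`. Behaviour is unchanged; the enclosing method is only partly visible here.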
+ def test_reply_to_a_issue_without_permission
+ set_tmp_attachments_directory
+ Role.all.each {|r| r.remove_permission! :add_issue_notes, :edit_issues}
+ assert_no_difference 'Issue.count' do
+ assert_no_difference 'Journal.count' do
+ assert_not submit_email('ticket_reply_with_status.eml')
+ end
+ end
+ end
+
def test_reply_to_a_nonexitent_journal
journal_id = Issue.find(2).journals.last.id
Journal.destroy(journal_id)
end
end
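Review bot: `test_reply_to_a_issue_without_permission` only asserts a falsy result and unchanged counts, which any other rejection path in the handler would also produce, so it does not pin the permission check as the reason. The same holds for `test_reply_to_a_topic_without_permission` further down, where the handler's `if !message.locked?` branch suggests a locked topic could give the same outcome (its else branch is not visible). Unless sibling tests already cover it, a positive control that submits the same fixtures with permissions intact would make the pair conclusive. The issue test also removes `:add_issue_notes` and `:edit_issues` together, so the `||` in the handler is not exercised. Assuming the sender's role holds `:edit_issues` in the fixtures, a case with `Role.all.each {|r| r.remove_permission! :add_issue_notes}` that asserts the reply is still accepted would catch the check being tightened or loosened by accident.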
+ def test_reply_to_a_topic_without_permission
+ Role.all.each {|r| r.remove_permission! :add_messages}
+ assert_no_difference('Message.count') do
+ assert_not submit_email('message_reply_by_subject.eml')
+ end
+ end
+
def test_should_convert_tags_of_html_only_emails
with_settings :text_formatting => 'textile' do
issue = submit_email('ticket_html_only.eml', :issue => {:project => 'ecookbook'})