validates :estimated_hours, :numericality => {:greater_than_or_equal_to => 0, :allow_nil => true, :message => :invalid}
validates :start_date, :date => true
validates :due_date, :date => true
- validate :validate_issue, :validate_required_fields
+ validate :validate_issue, :validate_required_fields, :validate_permissions
attr_protected :id
scope :visible, lambda {|*args|
# attr_accessible is too rough because we still want things like
# Issue.new(:project => foo) to work
def safe_attributes=(attrs, user=User.current)
+ @attributes_set_by = user
return unless attrs.is_a?(Hash)
attrs = attrs.deep_dup
end
end
+ def validate_permissions
+ if @attributes_set_by && new_record? && copy?
+ unless allowed_target_trackers(@attributes_set_by).include?(tracker)
+ errors.add :tracker, :invalid
+ end
+ end
+ end
+
# Overrides Redmine::Acts::Customizable::InstanceMethods#validate_custom_field_values
# so that custom values that are not editable are not validated (eg. a custom field that
# is marked as required should not trigger a validation error if the user is not allowed
assert_equal 1, issue.status_id
end
+ def test_create_as_copy_should_fail_without_add_issue_permission_on_original_tracker
+ role = Role.find(2)
+ role.set_permission_trackers :add_issues, [1, 3]
+ role.save!
+ Role.non_member.remove_permission! :add_issues
+
+ issue = Issue.generate!(:project_id => 1, :tracker_id => 2)
+ @request.session[:user_id] = 3
+
+ assert_no_difference 'Issue.count' do
+ post :create, :project_id => 1, :copy_from => issue.id,
+ :issue => {:project_id => '1'}
+ end
+ assert_select_error 'Tracker is invalid'
+ end
+
def test_create_as_copy_should_copy_attachments
@request.session[:user_id] = 2
issue = Issue.find(3)
projects / redmine.git / commitdiff