Only admin users should be able to manage public queries on the project list (#29482).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 20 Nov 2019 15:01:24 +0000 (15:01 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 20 Nov 2019 15:01:24 +0000 (15:01 +0000)
As with issues, project members with the "Manage public queries" permission are allowed to manage public queries inside their projects, not public global queries that are proposed on /issues.

git-svn-id: http://svn.redmine.org/redmine/trunk@19091 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/queries_controller.rb
app/views/queries/_form.html.erb
test/functional/queries_controller_test.rb

index 3488061983242742515b63580dfde947c44a5d49..56283dc30b4851c4fc30556a66b5296278b6750d 100644 (file)
@@ -126,7 +126,7 @@ class QueriesController < ApplicationController
     @query.column_names = nil if params[:default_columns]
     @query.sort_criteria = (params[:query] && params[:query][:sort_criteria]) || @query.sort_criteria
     @query.name = params[:query] && params[:query][:name]
-    if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin? || (@query.type == 'ProjectQuery' && User.current.allowed_to?(:manage_public_queries, @query.project, :global => true))
+    if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
       @query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
       @query.role_ids = params[:query] && params[:query][:role_ids]
     else
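Review bot: The condition on the new `if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?` line is repeated almost verbatim in the `app/views/queries/_form.html.erb` hunk, and only this controller copy enforces anything; the view copy just hides the visibility fields. Two hand-maintained copies of an authorization rule can drift apart, so I would move the predicate into a single method that both the controller and the form call. It is also worth a comment above the `if`, such as `# Global queries have no project: only admins may set visibility/roles on them`, because the restriction now depends on `allowed_to?` denying a nil `@query.project` when `:global => true` is not passed, which is presumed here and not visible in this hunk. The enclosing method starts before the hunk and its `else` branch continues after it.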
index 071496f5229f90de0e9bd0f8b7fdf33285dbf74b..7227a6c5fd1b55ba98d4f45eedcf531acacc6ac0 100644 (file)
@@ -8,8 +8,7 @@
 <%= text_field 'query', 'name', :size => 80 %></p>
 
 <% if User.current.admin? ||
-      User.current.allowed_to?(:manage_public_queries, @query.project) ||
-      @query.type == 'ProjectQuery' &&  User.current.allowed_to?(:manage_public_queries, @query.project, :global => true) %>
+      User.current.allowed_to?(:manage_public_queries, @query.project) %>
 <p><label><%=l(:field_visible)%></label>
   <label class="block"><%= radio_button 'query', 'visibility', Query::VISIBILITY_PRIVATE %> <%= l(:label_visibility_private) %></label>
   <label class="block"><%= radio_button 'query', 'visibility', Query::VISIBILITY_PUBLIC %> <%= l(:label_visibility_public) %></label>
index 923202b02e15c1ff3fa42463ab4ef43f4eef6104..55c46478c46b328246fd8f4103a80b33f714e0bd 100644 (file)
@@ -495,7 +495,7 @@ class QueriesControllerTest < Redmine::ControllerTest
   end
 
   def test_create_public_project_query
-    @request.session[:user_id] = 2
+    @request.session[:user_id] = 1
 
     q = new_record(ProjectQuery) do
       post :create, :params => {
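Review bot: Changing `@request.session[:user_id]` to 1 in `test_create_public_project_query` only keeps the positive case passing; nothing in this hunk checks that the previous user (id 2) is now refused. A companion test that posts the same parameters as user 2 and asserts the saved query ends up with `Query::VISIBILITY_PRIVATE` would pin the restriction this commit introduces, unless such a test already exists elsewhere in the file. The test method continues past the end of the hunk, so the posted parameters and the assertions are not visible here.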