before_action :delete_authorize, :only => :destroy
before_action :authorize_global, :only => :upload
- require_sudo_mode :destroy
-
# Disable check for same origin requests for JS files, i.e. attachments with
# MIME type text/javascript.
skip_after_action :verify_same_origin_request, :only => :download
before_action :find_project_by_project_id, :find_board_if_available, :authorize
accept_rss_auth :index, :show
- require_sudo_mode :destroy
-
helper :sort
include SortHelper
helper :watchers
before_action :find_project_from_association
before_action :authorize
- require_sudo_mode :destroy
-
def create
raise Unauthorized unless @news.commentable?
before_action :find_project_from_association, :except => [:index, :new, :create]
before_action :authorize
- require_sudo_mode :destroy
-
helper :attachments
helper :custom_fields
accept_rss_auth :index, :show
accept_api_auth :index, :show, :create, :update, :destroy
- require_sudo_mode :destroy
-
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :journals
before_action :find_message, :except => [:new, :preview]
before_action :authorize, :except => [:preview, :edit, :destroy]
- require_sudo_mode :destroy
-
helper :boards
helper :watchers
helper :attachments
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
- require_sudo_mode :destroy
-
helper :watchers
helper :attachments
before_action :authorize
accept_rss_auth :revisions
- require_sudo_mode :destroy
-
rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
def new
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
- require_sudo_mode :destroy
-
rescue_from Query::StatementInvalid, :with => :query_statement_invalid
helper :issues
accept_api_auth :index, :show, :create, :update, :destroy
- require_sudo_mode :destroy
-
helper :custom_fields
helper :projects
before_action :find_attachments, :only => [:preview]
accept_api_auth :index, :show, :update, :destroy
- require_sudo_mode :destroy, :destroy_version
-
helper :attachments
include AttachmentsHelper
helper :watchers
menu_item :settings
before_action :find_project, :authorize
- require_sudo_mode :destroy, only: :post
-
# Delete a project's wiki
def destroy
if request.post? && params[:confirm] && @project.wiki
# Requires users to re-enter their password for sensitive actions (editing
# of account data, project memberships, application settings, user, group,
- # role, auth source management, project deletion and deletion of contents
- # such as issues, attachments and wiki pages). Disabled by default.
+ # role, auth source management and project deletion). Disabled by default.
# Timeout is set in minutes.
#
#sudo_mode: true
require File.expand_path('../../test_helper', __FILE__)
class SudoModeTest < Redmine::IntegrationTest
- fixtures :projects, :members, :member_roles, :roles, :users,
- :email_addresses, :trackers, :projects_trackers, :enabled_modules,
- :issue_statuses, :issues, :enumerations
+ fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses
def setup
Redmine::SudoMode.stubs(:enabled?).returns(true)
end
end
- def test_destroy_issue
- log_user 'dlopper', 'foo'
- expire_sudo_mode!
- delete '/issues/2'
- assert_response :success
- assert_select 'h2', 'Confirm your password to continue'
- assert_select 'form[action="/issues/2"]'
- assert_select '#flash_error', 0
-
- delete '/issues/2', :params => {:sudo_password => 'wrong'}
- assert_response :success
- assert_select 'h2', 'Confirm your password to continue'
-
- assert_difference 'Issue.count', -1 do
- delete '/issues/2', :params => {:sudo_password => 'foo'}
- end
- end
-
private
# sudo mode is active after sign, let it expire by advancing the time
projects / redmine.git / commitdiff