# Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action], global = false)
- allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
+ allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
allowed ? true : deny_access
end
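Review bot: The authorization result on the changed line now depends on how `allowed_to?` treats an array, because `@project || @projects` hands it the whole `@projects` collection whenever no single project is set. `allowed_to?` is not shown here, so confirm that it requires the permission in every project of the array and returns false for an empty or nil context rather than passing vacuously. The same assumption carries the new `:delete` entry in the context-menu hash (`User.current.allowed_to?(:delete_issues, @projects)`, which also drops the old `@project &&` guard) and the removal of `:destroy` from `check_project_uniqueness`, which leaves `authorize` as the only gate for cross-project deletes. A comment above the call such as `# @projects (Array): permission must hold in every listed project` would make that contract explicit.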
:update => (@project && (User.current.allowed_to?(:edit_issues, @project) || (User.current.allowed_to?(:change_status, @project) && @allowed_statuses && !@allowed_statuses.empty?))),
:move => (@project && User.current.allowed_to?(:move_issues, @project)),
:copy => (@issue && @project.trackers.include?(@issue.tracker) && User.current.allowed_to?(:add_issues, @project)),
- :delete => (@project && User.current.allowed_to?(:delete_issues, @project))
+ :delete => User.current.allowed_to?(:delete_issues, @projects)
}
if @project
@assignables = @project.assignable_users
before_filter :find_issue, :only => [:show, :edit, :update]
before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
- before_filter :check_project_uniqueness, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
+ before_filter :check_project_uniqueness, :only => [:bulk_edit, :bulk_update, :move, :perform_move]
before_filter :find_project, :only => [:new, :create]
before_filter :authorize, :except => [:index]
before_filter :find_optional_project, :only => [:index]
end
@issues.each(&:destroy)
respond_to do |format|
- format.html { redirect_to :action => 'index', :project_id => @project }
+ format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
format.xml { head :ok }
format.json { head :ok }
end
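Review bot: `redirect_back_or_default` on the `format.html` line takes its target from a request-supplied `back_url` (the context-menu link in this commit now sends `:back_url => @back`), so the post-delete destination is controlled by the caller. The helper is not visible in this hunk; confirm it only follows URLs on the application's own host and otherwise falls back to the default, since a destructive POST that redirects off-site is an open-redirect sink. I would add `# back_url is request-supplied; redirect_back_or_default must reject off-site targets` above the `respond_to` block. The enclosing `destroy` action starts outside the hunk.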
:class => 'icon-copy', :disabled => !@can[:move] %></li>
<li><%= context_menu_link l(:button_move), new_issue_move_path(:ids => @issues.collect(&:id)),
:class => 'icon-move', :disabled => !@can[:move] %></li>
- <li><%= context_menu_link l(:button_delete), {:controller => 'issues', :action => 'destroy', :ids => @issues.collect(&:id)},
+ <li><%= context_menu_link l(:button_delete), {:controller => 'issues', :action => 'destroy', :ids => @issues.collect(&:id), :back_url => @back},
:method => :post, :confirm => l(:text_issues_destroy_confirmation), :class => 'icon-del', :disabled => !@can[:delete] %></li>
<%= call_hook(:view_issues_context_menu_end, {:issues => @issues, :can => @can, :back => @back }) %>
:class => 'icon-del' }
end
- def test_context_menu_multiple_issues_of_different_project
+ def test_context_menu_multiple_issues_of_different_projects
@request.session[:user_id] = 2
- get :issues, :ids => [1, 2, 4]
+ get :issues, :ids => [1, 2, 6]
assert_response :success
assert_template 'context_menu'
+ ids = "ids%5B%5D=1&ids%5B%5D=2&ids%5B%5D=6"
assert_tag :tag => 'a', :content => 'Delete',
- :attributes => { :href => '#',
- :class => 'icon-del disabled' }
+ :attributes => { :href => "/issues/destroy?#{ids}",
+ :class => 'icon-del' }
end
end
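Review bot: The updated test covers only the allowed path; nothing visible exercises a user who holds `delete_issues` in some but not all of the selected projects, which is the case the relaxed check must still refuse. A companion test should log in as such a user (the fixture id is not shown on this page) and assert that the Delete link keeps `:class => 'icon-del disabled'` with `:href => '#'`. The new `test_destroy_issues_from_different_projects` has the same gap: a denied variant should post the same ids and end with `assert Issue.find_by_id(1) && Issue.find_by_id(2) && Issue.find_by_id(6)` to show nothing was removed.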
assert_equal 2, TimeEntry.find(2).issue_id
end
+ def test_destroy_issues_from_different_projects
+ @request.session[:user_id] = 2
+ post :destroy, :ids => [1, 2, 6], :todo => 'destroy'
+ assert_redirected_to :controller => 'issues', :action => 'index'
+ assert !(Issue.find_by_id(1) || Issue.find_by_id(2) || Issue.find_by_id(6))
+ end
+
def test_default_search_scope
get :index
assert_tag :div, :attributes => {:id => 'quick-search'},