user_tracker_permission?(user, :delete_issues)
end
+ # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_deletable?
+ def attachments_deletable?(user=User.current)
+ attributes_editable?(user)
+ end
+
def initialize(attributes=nil, *args)
super
if new_record?
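Review bot: The new `attachments_deletable?` hands the whole decision to `attributes_editable?(user)`, which is defined outside this hunk, so it cannot be confirmed from here that the override still refuses users who cannot see the issue. If the mixin default it replaces also gated on visibility (not shown), consider `visible?(user) && attributes_editable?(user)` so that attachment deletion is never broader than read access. The comment above the method names what is overridden but not why; judging by the tests in this commit, something like `# Attachment deletion follows the tracker-scoped edit_issues permission` would record the intent.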
assert_response 302
assert Attachment.find_by_id(3)
end
+
+ def test_destroy_issue_attachment_by_user_without_edit_issue_permission_on_tracker
+ role = Role.find(2)
+ role.set_permission_trackers 'edit_issues', [2, 3]
+ role.save!
+
+ @request.session[:user_id] = 2
+
+ set_tmp_attachments_directory
+ assert_no_difference 'Attachment.count' do
+ delete(
+ :destroy,
+ :params => {
+ :id => 7
+ }
+ )
+ end
+
+ assert_response 403
+ assert Attachment.find_by_id(7)
+ end
end
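Review bot: The 403 in `test_destroy_issue_attachment_by_user_without_edit_issue_permission_on_tracker` depends on fixture facts the test never states: that attachment 7 sits on an issue whose tracker is outside `[2, 3]`, and that role 2 is the role user 2 holds in that project. A precondition such as `assert_not_includes [2, 3], Attachment.find(7).container.tracker_id` would make the test fail loudly if the fixtures drift, rather than silently exercising a different path. The visible hunk also has no positive counterpart showing that the same restricted role can still delete an attachment on an issue in tracker 2 or 3, so a change that denied every deletion for tracker-limited roles would still pass. The same fixture assumption applies to issue 4 in the `test_show_should_not_display_delete_attachment_icon_...` hunk.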
assert_select 'div.attachments .icon-edit', 0
end
+ def test_show_should_not_display_delete_attachment_icon_for_user_without_edit_issue_permission_on_tracker
+ role = Role.find(2)
+ role.set_permission_trackers 'edit_issues', [2, 3]
+ role.save!
+
+ @request.session[:user_id] = 2
+
+ get :show, params: {id: 4}
+
+ assert_response :success
+ assert_select 'div.attachments .icon-del', 0
+ end
+
def test_get_new
@request.session[:user_id] = 2
get(
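Review bot: `assert_select 'div.attachments .icon-del', 0` in the new show test also passes when issue 4 renders no attachments block at all, so on its own it does not prove the delete icon was hidden by the permission check. Asserting the container first, e.g. `assert_select 'div.attachments'` ahead of the zero-count check, would pin that attachments are listed and only the delete control is missing. As a style point, this test writes `params: {id: 4}` while the destroy test added in this commit writes `:params => {...}`; one form would read more consistently. The enclosing test class starts outside the hunk and `test_get_new` continues past it.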