From: Marius Balteanu Date: Thu, 5 Aug 2021 23:48:47 +0000 (+0000) Subject: Adds tests for issue attachment edit by user without edit issue permission on tracker... X-Git-Tag: 5.0.0~295 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=1146831b3dec4cc801d078bfc58bed1ec8d49c52;p=redmine.git Adds tests for issue attachment edit by user without edit issue permission on tracker (#35634). git-svn-id: http://svn.redmine.org/redmine/trunk@21141 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/test/functional/attachments_controller_test.rb b/test/functional/attachments_controller_test.rb index f9f89ffd9..e7f6d3a2f 100644 --- a/test/functional/attachments_controller_test.rb +++ b/test/functional/attachments_controller_test.rb @@ -524,6 +524,23 @@ class AttachmentsControllerTest < Redmine::ControllerTest assert_response 403 end + def test_edit_all_issue_attachment_by_user_without_edit_issue_permission_on_tracker_should_return_404 + role = Role.find(2) + role.set_permission_trackers 'edit_issues', [2, 3] + role.save! + + @request.session[:user_id] = 2 + + get( + :edit_all, + :params => { + :object_type => 'issues', + :object_id => '4' + } + ) + assert_response 404 + end + def test_update_all @request.session[:user_id] = 2 patch( diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index 9e77fed12..e86048687 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb @@ -3157,6 +3157,19 @@ class IssuesControllerTest < Redmine::ControllerTest assert_select 'span.badge.badge-private', text: 'Private' end + def test_show_should_not_display_edit_attachment_icon_for_user_without_edit_issue_permission_on_tracker + role = Role.find(2) + role.set_permission_trackers 'edit_issues', [2, 3] + role.save! + + @request.session[:user_id] = 2 + + get :show, params: {id: 4} + + assert_response :success + assert_select 'div.attachments .icon-edit', 0 + end + def test_get_new @request.session[:user_id] = 2 get(