From b405a0be535b365276dfdfbf092107bb07c70713 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Tue, 30 Aug 2016 19:32:52 +0000
Subject: [PATCH] Disable "Select project modules" permission does not apply to the new project form (#23470).

git-svn-id: http://svn.redmine.org/redmine/trunk@15752 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/project.rb | 20 +++++++++-
 app/views/projects/_form.html.erb | 2 +-
 test/functional/projects_controller_test.rb | 44 +++++++++++++++++++++
 3 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/app/models/project.rb b/app/models/project.rb
index b6ca8a095..2fc35ec4d 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -500,12 +500,18 @@ class Project < ActiveRecord::Base
 # Adds user as a project member with the default role
 # Used for when a non-admin user creates a project
 def add_default_member(user)
- role = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+ role = self.class.default_member_role
 member = Member.new(:project => self, :principal => user, :roles => [role])
 self.members << member
 member
 end
 
+ # Default role that is given to non-admin users that
+ # create a project
+ def self.default_member_role
+ Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+ end
+
 # Deletes all project's members
 def delete_all_members
 me, mr = Member.table_name, MemberRole.table_name
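Review bot: `default_member_role` can return nil when no givable role is configured, because `Role.givable.first` is its last fallback, and neither caller guards against that. In `add_default_member` the nil ends up in `:roles => [role]`, and in the `enabled_module_names` condition of the next hunk `default_member_role.has_permission?(:select_project_modules)` would raise NoMethodError for a non-admin as soon as the form calls `safe_attribute?`, rather than denying the attribute. Since that lambda is the authorization check, I would have it deny explicitly, e.g. `(role = default_member_role) && role.has_permission?(:select_project_modules)`, and extend the new comment with `# Returns nil when no givable role exists`. The Project class body continues outside both hunks.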
@@ -716,7 +722,17 @@ class Project < ActiveRecord::Base
 'default_version_id'
 
 safe_attributes 'enabled_module_names',
- :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
+ :if => lambda {|project, user|
+ if project.new_record?
+ if user.admin?
+ true
+ else
+ default_member_role.has_permission?(:select_project_modules)
+ end
+ else
+ user.allowed_to?(:select_project_modules, project)
+ end
+ }
 
 safe_attributes 'inherit_members',
 :if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)}
diff --git a/app/views/projects/_form.html.erb b/app/views/projects/_form.html.erb
index b75ce82d6..1e5917e88 100644
--- a/app/views/projects/_form.html.erb
+++ b/app/views/projects/_form.html.erb
@@ -32,7 +32,7 @@
 <%= call_hook(:view_projects_form, :project => @project, :form => f) %>
-<% if @project.new_record? %>
+<% if @project.new_record? && @project.safe_attribute?('enabled_module_names') %>
<%= l(:label_module_plural) %> <% Redmine::AccessControl.available_project_modules.each do |m| %>