From da641f4122f7034b87a67e87386104fb5d121166 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sun, 30 Mar 2008 14:20:07 +0000 Subject: [PATCH] Global queries can be saved from the global issue list (follows r1311 and closes #897). git-svn-id: http://redmine.rubyforge.org/svn/trunk@1312 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/queries_controller.rb | 7 ++-- app/models/user.rb | 31 +++++++++------ app/views/issues/_sidebar.rhtml | 2 +- app/views/issues/index.rhtml | 2 +- test/functional/queries_controller_test.rb | 44 +++++++++++++++++----- 5 files changed, 61 insertions(+), 25 deletions(-) diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb index 194b1df57..da2c4a2c8 100644 --- a/app/controllers/queries_controller.rb +++ b/app/controllers/queries_controller.rb @@ -19,7 +19,7 @@ class QueriesController < ApplicationController layout 'base' menu_item :issues before_filter :find_query, :except => :new - before_filter :find_project, :authorize, :only => :new + before_filter :find_optional_project, :only => :new def new @query = Query.new(params[:query]) @@ -72,8 +72,9 @@ private render_404 end - def find_project - @project = Project.find(params[:project_id]) + def find_optional_project + @project = Project.find(params[:project_id]) if params[:project_id] + User.current.allowed_to?(:save_queries, @project, :global => true) rescue ActiveRecord::RecordNotFound render_404 end diff --git a/app/models/user.rb b/app/models/user.rb index ae81d46d2..e0b1e238c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -222,17 +222,26 @@ class User < ActiveRecord::Base # action can be: # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit') # * a permission Symbol (eg. :edit_project) - def allowed_to?(action, project) - # No action allowed on archived projects - return false unless project.active? - # No action allowed on disabled modules - return false unless project.allows_to?(action) - # Admin users are authorized for anything else - return true if admin? - - role = role_for_project(project) - return false unless role - role.allowed_to?(action) && (project.is_public? || role.member?) + def allowed_to?(action, project, options={}) + if project + # No action allowed on archived projects + return false unless project.active? + # No action allowed on disabled modules + return false unless project.allows_to?(action) + # Admin users are authorized for anything else + return true if admin? + + role = role_for_project(project) + return false unless role + role.allowed_to?(action) && (project.is_public? || role.member?) + + elsif options[:global] + # authorize if user has at least one role that has this permission + roles = memberships.collect {|m| m.role}.uniq + roles.detect {|r| r.allowed_to?(action)} + else + false + end end def self.current=(user) diff --git a/app/views/issues/_sidebar.rhtml b/app/views/issues/_sidebar.rhtml index c269eee06..e94d4180b 100644 --- a/app/views/issues/_sidebar.rhtml +++ b/app/views/issues/_sidebar.rhtml @@ -1,6 +1,6 @@ -<% if @project %>

<%= l(:label_issue_plural) %>

<%= link_to l(:label_issue_view_all), { :controller => 'issues', :action => 'index', :project_id => @project, :set_filter => 1 } %>
+<% if @project %> <%= link_to l(:field_summary), :controller => 'reports', :action => 'issue_report', :id => @project %>
<%= link_to l(:label_change_log), :controller => 'projects', :action => 'changelog', :id => @project %> <% end %> diff --git a/app/views/issues/index.rhtml b/app/views/issues/index.rhtml index 0123099f2..027f3f006 100644 --- a/app/views/issues/index.rhtml +++ b/app/views/issues/index.rhtml @@ -18,7 +18,7 @@ :update => "content", }, :class => 'icon icon-reload' %> - <% if current_role && current_role.allowed_to?(:save_queries) %> + <% if User.current.allowed_to?(:save_queries, @project, :global => true) %> <%= link_to l(:button_save), {}, :onclick => "$('query_form').submit(); return false;", :class => 'icon icon-save' %> <% end %>

diff --git a/test/functional/queries_controller_test.rb b/test/functional/queries_controller_test.rb index 86af8edd7..de08b4245 100644 --- a/test/functional/queries_controller_test.rb +++ b/test/functional/queries_controller_test.rb @@ -31,7 +31,7 @@ class QueriesControllerTest < Test::Unit::TestCase User.current = nil end - def test_get_new + def test_get_new_project_query @request.session[:user_id] = 2 get :new, :project_id => 1 assert_response :success @@ -45,6 +45,19 @@ class QueriesControllerTest < Test::Unit::TestCase :disabled => nil } end + def test_get_new_global_query + @request.session[:user_id] = 2 + get :new + assert_response :success + assert_template 'new' + assert_no_tag :tag => 'input', :attributes => { :type => 'checkbox', + :name => 'query[is_public]' } + assert_tag :tag => 'input', :attributes => { :type => 'checkbox', + :name => 'query_is_for_all', + :checked => 'checked', + :disabled => nil } + end + def test_new_project_public_query @request.session[:user_id] = 2 post :new, @@ -54,8 +67,7 @@ class QueriesControllerTest < Test::Unit::TestCase :fields => ["status_id", "assigned_to_id"], :operators => {"assigned_to_id" => "=", "status_id" => "o"}, :values => { "assigned_to_id" => ["1"], "status_id" => ["1"]}, - :query => {"name" => "test_new_project_public_query", "is_public" => "1"}, - :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] + :query => {"name" => "test_new_project_public_query", "is_public" => "1"} q = Query.find_by_name('test_new_project_public_query') assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q @@ -73,8 +85,7 @@ class QueriesControllerTest < Test::Unit::TestCase :fields => ["status_id", "assigned_to_id"], :operators => {"assigned_to_id" => "=", "status_id" => "o"}, :values => { "assigned_to_id" => ["1"], "status_id" => ["1"]}, - :query => {"name" => "test_new_project_private_query", "is_public" => "1"}, - :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] + :query => {"name" => "test_new_project_private_query", "is_public" => "1"} q = Query.find_by_name('test_new_project_private_query') assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q @@ -83,6 +94,23 @@ class QueriesControllerTest < Test::Unit::TestCase assert q.valid? end + def test_new_global_private_query_with_custom_columns + @request.session[:user_id] = 3 + post :new, + :confirm => '1', + :fields => ["status_id", "assigned_to_id"], + :operators => {"assigned_to_id" => "=", "status_id" => "o"}, + :values => { "assigned_to_id" => ["me"], "status_id" => ["1"]}, + :query => {"name" => "test_new_global_private_query", "is_public" => "1", "column_names" => ["", "tracker", "subject", "priority", "category"]} + + q = Query.find_by_name('test_new_global_private_query') + assert_redirected_to :controller => 'issues', :action => 'index', :query_id => q + assert !q.is_public? + assert !q.has_default_columns? + assert_equal [:tracker, :subject, :priority, :category], q.columns.collect {|c| c.name} + assert q.valid? + end + def test_get_edit_global_public_query @request.session[:user_id] = 1 get :edit, :id => 4 @@ -106,8 +134,7 @@ class QueriesControllerTest < Test::Unit::TestCase :fields => ["status_id", "assigned_to_id"], :operators => {"assigned_to_id" => "=", "status_id" => "o"}, :values => { "assigned_to_id" => ["1"], "status_id" => ["1"]}, - :query => {"name" => "test_edit_global_public_query", "is_public" => "1"}, - :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] + :query => {"name" => "test_edit_global_public_query", "is_public" => "1"} assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 4 q = Query.find_by_name('test_edit_global_public_query') @@ -138,8 +165,7 @@ class QueriesControllerTest < Test::Unit::TestCase :fields => ["status_id", "assigned_to_id"], :operators => {"assigned_to_id" => "=", "status_id" => "o"}, :values => { "assigned_to_id" => ["me"], "status_id" => ["1"]}, - :query => {"name" => "test_edit_global_private_query", "is_public" => "1"}, - :column_names => ["", "tracker", "status", "priority", "subject", "updated_on", "category"] + :query => {"name" => "test_edit_global_private_query", "is_public" => "1"} assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 3 q = Query.find_by_name('test_edit_global_private_query') -- 2.39.5