diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 7978bc001..3ce25a134 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -54,10 +54,6 @@ class IssuesController < ApplicationController
helper :gantt
include Redmine::Export::PDF
- verify :method => [:post, :delete],
- :only => :destroy,
- :render => { :nothing => true, :status => :method_not_allowed }
-
verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
@@ -225,6 +221,7 @@ class IssuesController < ApplicationController
redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
end
+ verify :method => :delete, :only => :destroy, :render => { :nothing => true, :status => :method_not_allowed }
def destroy
@hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
if @hours > 0
diff --git a/app/views/context_menus/issues.html.erb b/app/views/context_menus/issues.html.erb
index b4db0a1af..3e210814d 100644
--- a/app/views/context_menus/issues.html.erb
+++ b/app/views/context_menus/issues.html.erb
@@ -114,8 +114,8 @@
:class => 'icon-copy', :disabled => !@can[:move] %>
<%= context_menu_link l(:button_move), new_issue_move_path(:ids => @issues.collect(&:id)),
:class => 'icon-move', :disabled => !@can[:move] %>
- <%= context_menu_link l(:button_delete), {:controller => 'issues', :action => 'destroy', :ids => @issues.collect(&:id), :back_url => @back},
- :method => :post, :confirm => issues_destroy_confirmation_message(@issues), :class => 'icon-del', :disabled => !@can[:delete] %>
+ <%= context_menu_link l(:button_delete), issues_path(:ids => @issues.collect(&:id), :back_url => @back),
+ :method => :delete, :confirm => issues_destroy_confirmation_message(@issues), :class => 'icon-del', :disabled => !@can[:delete] %>
<%= call_hook(:view_issues_context_menu_end, {:issues => @issues, :can => @can, :back => @back }) %>
diff --git a/app/views/issues/_action_menu.html.erb b/app/views/issues/_action_menu.html.erb
index 02357751f..acbeb3617 100644
--- a/app/views/issues/_action_menu.html.erb
+++ b/app/views/issues/_action_menu.html.erb
@@ -5,5 +5,5 @@
<%= link_to_if_authorized l(:button_duplicate), {:controller => 'issues', :action => 'new', :project_id => @project, :copy_from => @issue }, :class => 'icon icon-duplicate' %>
<%= link_to_if_authorized l(:button_copy), {:controller => 'issue_moves', :action => 'new', :id => @issue, :copy_options => {:copy => 't'}}, :class => 'icon icon-copy' %>
<%= link_to_if_authorized l(:button_move), {:controller => 'issue_moves', :action => 'new', :id => @issue}, :class => 'icon icon-move' %>
-<%= link_to_if_authorized l(:button_delete), {:controller => 'issues', :action => 'destroy', :id => @issue}, :confirm => issues_destroy_confirmation_message(@issue), :method => :post, :class => 'icon icon-del' %>
+<%= link_to l(:button_delete), issue_path(@issue), :confirm => issues_destroy_confirmation_message(@issue), :method => :delete, :class => 'icon icon-del' if User.current.allowed_to?(:delete_issues, @project) %>
diff --git a/config/routes.rb b/config/routes.rb
index 38e420e00..97d2f0492 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -45,7 +45,6 @@ ActionController::Routing::Routes.draw do |map|
map.issues_context_menu '/issues/context_menu', :controller => 'context_menus', :action => 'issues'
map.issue_changes '/issues/changes', :controller => 'journals', :action => 'index'
map.quoted_issue '/issues/:id/quoted', :controller => 'journals', :action => 'new', :id => /\d+/, :conditions => { :method => :post }
- map.connect '/issues/:id/destroy', :controller => 'issues', :action => 'destroy', :conditions => { :method => :post } # legacy
map.with_options :controller => 'gantts', :action => 'show' do |gantts_routes|
gantts_routes.connect '/projects/:project_id/issues/gantt'
@@ -67,6 +66,8 @@ ActionController::Routing::Routes.draw do |map|
issues.resources :time_entries, :controller => 'timelog', :collection => {:report => :get}
issues.resources :relations, :shallow => true, :controller => 'issue_relations', :only => [:index, :show, :create, :destroy]
end
+ # Bulk deletion
+ map.connect '/issues', :controller => 'issues', :action => 'destroy', :conditions => {:method => :delete}
map.connect 'projects/:id/members/new', :controller => 'members', :action => 'new'
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 951cf90be..12f5d37b2 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -1997,14 +1997,14 @@ class IssuesControllerTest < ActionController::TestCase
def test_destroy_issue_with_no_time_entries
assert_nil TimeEntry.find_by_issue_id(2)
@request.session[:user_id] = 2
- post :destroy, :id => 2
+ delete :destroy, :id => 2
assert_redirected_to :action => 'index', :project_id => 'ecookbook'
assert_nil Issue.find_by_id(2)
end
def test_destroy_issues_with_time_entries
@request.session[:user_id] = 2
- post :destroy, :ids => [1, 3]
+ delete :destroy, :ids => [1, 3]
assert_response :success
assert_template 'destroy'
assert_not_nil assigns(:hours)
@@ -2013,7 +2013,7 @@ class IssuesControllerTest < ActionController::TestCase
def test_destroy_issues_and_destroy_time_entries
@request.session[:user_id] = 2
- post :destroy, :ids => [1, 3], :todo => 'destroy'
+ delete :destroy, :ids => [1, 3], :todo => 'destroy'
assert_redirected_to :action => 'index', :project_id => 'ecookbook'
assert !(Issue.find_by_id(1) || Issue.find_by_id(3))
assert_nil TimeEntry.find_by_id([1, 2])
@@ -2021,7 +2021,7 @@ class IssuesControllerTest < ActionController::TestCase
def test_destroy_issues_and_assign_time_entries_to_project
@request.session[:user_id] = 2
- post :destroy, :ids => [1, 3], :todo => 'nullify'
+ delete :destroy, :ids => [1, 3], :todo => 'nullify'
assert_redirected_to :action => 'index', :project_id => 'ecookbook'
assert !(Issue.find_by_id(1) || Issue.find_by_id(3))
assert_nil TimeEntry.find(1).issue_id
@@ -2030,7 +2030,7 @@ class IssuesControllerTest < ActionController::TestCase
def test_destroy_issues_and_reassign_time_entries_to_another_issue
@request.session[:user_id] = 2
- post :destroy, :ids => [1, 3], :todo => 'reassign', :reassign_to_id => 2
+ delete :destroy, :ids => [1, 3], :todo => 'reassign', :reassign_to_id => 2
assert_redirected_to :action => 'index', :project_id => 'ecookbook'
assert !(Issue.find_by_id(1) || Issue.find_by_id(3))
assert_equal 2, TimeEntry.find(1).issue_id
@@ -2039,7 +2039,7 @@ class IssuesControllerTest < ActionController::TestCase
def test_destroy_issues_from_different_projects
@request.session[:user_id] = 2
- post :destroy, :ids => [1, 2, 6], :todo => 'destroy'
+ delete :destroy, :ids => [1, 2, 6], :todo => 'destroy'
assert_redirected_to :controller => 'issues', :action => 'index'
assert !(Issue.find_by_id(1) || Issue.find_by_id(2) || Issue.find_by_id(6))
end
@@ -2051,7 +2051,7 @@ class IssuesControllerTest < ActionController::TestCase
@request.session[:user_id] = 2
assert_difference 'Issue.count', -2 do
- post :destroy, :ids => [parent.id, child.id], :todo => 'destroy'
+ delete :destroy, :ids => [parent.id, child.id], :todo => 'destroy'
end
assert_response 302
end