mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
Browse Source

Don't consider roles without issue add/edit permissions for determining fields permissions (#15988). 

git-svn-id: http://svn.redmine.org/redmine/trunk@13747 e93f8b46-1217-0410-a6f0-8f06a7374b81
tags/3.0.0
Jean-Philippe Lang 9 years ago
parent
07b44a4662
commit
453803c68f
3 changed files with 28 additions and 0 deletions
Split View Show Diff Stats
  1. 1
    0
      app/models/issue.rb
  2. 4
    0
      app/models/role.rb
  3. 23
    0
      test/unit/issue_test.rb

+ 1
- 0
app/models/issue.rb View File

@@ -539,6 +539,7 @@ class Issue < ActiveRecord::Base

user_real = user || User.current
roles = user_real.admin ? Role.all.to_a : user_real.roles_for_project(project)
roles = roles.select(&:consider_workflow?)
return {} if roles.empty?

result = {}

+ 4
- 0
app/models/role.rb View File

@@ -113,6 +113,10 @@ class Role < ActiveRecord::Base
!permissions.nil? && permissions.include?(perm.to_sym)
end

def consider_workflow?
has_permission?(:add_issues) || has_permission?(:edit_issues)
end

def <=>(role)
if role
if builtin == role.builtin

+ 23
- 0
test/unit/issue_test.rb View File

@@ -914,6 +914,29 @@ class IssueTest < ActiveSupport::TestCase
assert_equal %w(due_date), issue.read_only_attribute_names(user)
end

def test_workflow_rules_should_ignore_roles_without_issue_permissions
role = Role.generate! :permissions => [:view_issues, :edit_issues]
ignored_role = Role.generate! :permissions => [:view_issues]

WorkflowPermission.delete_all
WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,
:role => role, :field_name => 'due_date',
:rule => 'required')
WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,
:role => role, :field_name => 'start_date',
:rule => 'readonly')
WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,
:role => role, :field_name => 'done_ratio',
:rule => 'readonly')
user = User.generate!
User.add_to_project user, Project.find(1), [role, ignored_role]

issue = Issue.new(:project_id => 1, :tracker_id => 1, :status_id => 1)

assert_equal %w(due_date), issue.required_attribute_names(user)
assert_equal %w(done_ratio start_date), issue.read_only_attribute_names(user).sort
end

def test_copy
issue = Issue.new.copy_from(1)
assert issue.copy?

Write Preview
Loading…
Cancel
Save