Require sudo mode for actions to delete contents (#33071).

Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@19569 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/attachments_controller.rb

@@ -25,6 +25,8 @@ class AttachmentsController < ApplicationController
   before_action :delete_authorize, :only => :destroy
   before_action :authorize_global, :only => :upload
 
+  require_sudo_mode :destroy
+
   # Disable check for same origin requests for JS files, i.e. attachments with
   # MIME type text/javascript.
   skip_after_action :verify_same_origin_request, :only => :download

app/controllers/boards_controller.rb

@@ -22,6 +22,8 @@ class BoardsController < ApplicationController
   before_action :find_project_by_project_id, :find_board_if_available, :authorize
   accept_rss_auth :index, :show
 
+  require_sudo_mode :destroy
+
   helper :sort
   include SortHelper
   helper :watchers

app/controllers/comments_controller.rb

@@ -24,6 +24,8 @@ class CommentsController < ApplicationController
   before_action :find_project_from_association
   before_action :authorize
 
+  require_sudo_mode :destroy
+
   def create
     raise Unauthorized unless @news.commentable?
 

app/controllers/documents_controller.rb

@@ -25,6 +25,8 @@ class DocumentsController < ApplicationController
   before_action :find_project_from_association, :except => [:index, :new, :create]
   before_action :authorize
 
+  require_sudo_mode :destroy
+
   helper :attachments
   helper :custom_fields
 

app/controllers/issues_controller.rb

@@ -28,6 +28,8 @@ class IssuesController < ApplicationController
   accept_rss_auth :index, :show
   accept_api_auth :index, :show, :create, :update, :destroy
 
+  require_sudo_mode :destroy
+
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 
   helper :journals

app/controllers/messages_controller.rb

@@ -25,6 +25,8 @@ class MessagesController < ApplicationController
   before_action :find_message, :except => [:new, :preview]
   before_action :authorize, :except => [:preview, :edit, :destroy]
 
+  require_sudo_mode :destroy
+
   helper :boards
   helper :watchers
   helper :attachments

app/controllers/news_controller.rb

@@ -28,6 +28,8 @@ class NewsController < ApplicationController
   accept_rss_auth :index
   accept_api_auth :index, :show, :create, :update, :destroy
 
+  require_sudo_mode :destroy
+
   helper :watchers
   helper :attachments
 

app/controllers/repositories_controller.rb

@@ -36,6 +36,8 @@ class RepositoriesController < ApplicationController
   before_action :authorize
   accept_rss_auth :revisions
 
+  require_sudo_mode :destroy
+
   rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
 
   def new

app/controllers/timelog_controller.rb

@@ -33,6 +33,8 @@ class TimelogController < ApplicationController
   accept_rss_auth :index
   accept_api_auth :index, :show, :create, :update, :destroy
 
+  require_sudo_mode :destroy
+
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 
   helper :issues

app/controllers/versions_controller.rb

@@ -27,6 +27,8 @@ class VersionsController < ApplicationController
 
   accept_api_auth :index, :show, :create, :update, :destroy
 
+  require_sudo_mode :destroy
+
   helper :custom_fields
   helper :projects
 

app/controllers/wiki_controller.rb

@@ -39,6 +39,8 @@ class WikiController < ApplicationController
   before_action :find_attachments, :only => [:preview]
   accept_api_auth :index, :show, :update, :destroy
 
+  require_sudo_mode :destroy, :destroy_version
+
   helper :attachments
   include AttachmentsHelper
   helper :watchers

app/controllers/wikis_controller.rb

@@ -21,6 +21,8 @@ class WikisController < ApplicationController
   menu_item :settings
   before_action :find_project, :authorize
 
+  require_sudo_mode :destroy, only: :post
+
   # Delete a project's wiki
   def destroy
     if request.post? && params[:confirm] && @project.wiki

config/configuration.yml.example

@@ -169,7 +169,8 @@ default:
 
   # Requires users to re-enter their password for sensitive actions (editing
   # of account data, project memberships, application settings, user, group,
-  # role, auth source management and project deletion). Disabled by default.
+  # role, auth source management, project deletion and deletion of contents
+  # such as issues, attachments and wiki pages). Disabled by default.
   # Timeout is set in minutes.
   #
   #sudo_mode: true

test/integration/sudo_mode_test.rb

@@ -3,7 +3,9 @@
 require File.expand_path('../../test_helper', __FILE__)
 
 class SudoModeTest < Redmine::IntegrationTest
-  fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses
+  fixtures :projects, :members, :member_roles, :roles, :users,
+           :email_addresses, :trackers, :projects_trackers, :enabled_modules,
+           :issue_statuses, :issues, :enumerations
 
   def setup
     Redmine::SudoMode.stubs(:enabled?).returns(true)
@@ -192,6 +194,24 @@ class SudoModeTest < Redmine::IntegrationTest
     end
   end
 
+  def test_destroy_issue
+    log_user 'dlopper', 'foo'
+    expire_sudo_mode!
+    delete '/issues/2'
+    assert_response :success
+    assert_select 'h2', 'Confirm your password to continue'
+    assert_select 'form[action="/issues/2"]'
+    assert_select '#flash_error', 0
+
+    delete '/issues/2', :params => {:sudo_password => 'wrong'}
+    assert_response :success
+    assert_select 'h2', 'Confirm your password to continue'
+
+    assert_difference 'Issue.count', -1 do
+      delete '/issues/2', :params => {:sudo_password => 'foo'}
+    end
+  end
+
   private
 
   # sudo mode is active after sign, let it expire by advancing the time