Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@21210 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.0.0
@@ -26,7 +26,9 @@ class ProjectsController < ApplicationController | |||
:except => [:index, :autocomplete, :list, :new, :create, :copy] | |||
before_action :authorize, | |||
:except => [:index, :autocomplete, :list, :new, :create, :copy, | |||
:archive, :unarchive] | |||
:archive, :unarchive, | |||
:destroy | |||
] | |||
before_action :authorize_global, :only => [:new, :create] | |||
before_action :require_admin, :only => [:copy, :archive, :unarchive] | |||
accept_rss_auth :index |
@@ -90,7 +90,7 @@ Redmine::AccessControl.map do |map| | |||
map.permission :add_project, {:projects => [:new, :create]}, :require => :loggedin | |||
map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member | |||
map.permission :close_project, {:projects => [:close, :reopen]}, :require => :member, :read => true | |||
map.permission :delete_project, {:projects => :destroy}, :require => :member | |||
map.permission :delete_project, {:projects => :destroy}, :require => :member, :read => true | |||
map.permission :select_project_modules, {:projects => :modules}, :require => :member | |||
map.permission :view_members, {:members => [:index, :show]}, :public => true, :read => true | |||
map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member |
@@ -1110,6 +1110,25 @@ class ProjectsControllerTest < Redmine::ControllerTest | |||
assert_nil Project.find_by_id(1) | |||
end | |||
def test_destroy_should_destroy_archived_project | |||
set_tmp_attachments_directory | |||
@request.session[:user_id] = 1 # admin | |||
Project.find_by_id(2).update_attribute :status, Project::STATUS_ARCHIVED | |||
assert_difference 'Project.count', -1 do | |||
delete( | |||
:destroy, | |||
:params => { | |||
:id => 2, | |||
:confirm => 'onlinestore' | |||
} | |||
) | |||
assert_redirected_to '/admin/projects' | |||
end | |||
assert_nil Project.find_by_id(2) | |||
end | |||
def test_destroy_with_normal_user_should_destroy | |||
set_tmp_attachments_directory | |||
@request.session[:user_id] = 2 # non-admin | |||
@@ -1127,6 +1146,25 @@ class ProjectsControllerTest < Redmine::ControllerTest | |||
assert_nil Project.find_by_id(2) | |||
end | |||
def test_destroy_with_normal_user_should_destroy_closed_project | |||
set_tmp_attachments_directory | |||
@request.session[:user_id] = 2 # non-admin | |||
Project.find_by_id(2).update_attribute :status, Project::STATUS_CLOSED | |||
assert_difference 'Project.count', -1 do | |||
delete( | |||
:destroy, | |||
:params => { | |||
:id => 2, | |||
:confirm => 'onlinestore' | |||
} | |||
) | |||
assert_redirected_to '/projects' | |||
end | |||
assert_nil Project.find_by_id(2) | |||
end | |||
def test_destroy_with_normal_user_should_not_destroy_with_subprojects | |||
set_tmp_attachments_directory | |||
@request.session[:user_id] = 2 # non-admin |