Parcourir la source
Global and public custom queries are shown as editable to non administrators in projects (#28264).
git-svn-id: http://svn.redmine.org/redmine/trunk@17292 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.0.0
Jean-Philippe Lang
il y a 6 ans
2 fichiers modifiés avec 27 ajouts et 7 suppressions
+ 6
- 6
app/models/query.rb
Voir le fichier
| @@ -356,13 +356,13 @@ class Query < ActiveRecord::Base | |||
| !is_private? | |||
| end | |||
| def queried_table_name | |||
| @queried_table_name ||= self.class.queried_class.table_name | |||
| # Returns true if the query is available for all projects | |||
| def is_global? | |||
| new_record? ? project_id.nil? : project_id_in_database.nil? | |||
| end | |||
| def initialize(attributes=nil, *args) | |||
| super attributes | |||
| @is_for_all = project.nil? | |||
| def queried_table_name | |||
| @queried_table_name ||= self.class.queried_class.table_name | |||
| end | |||
| # Builds the query from the given params | |||
| @@ -447,7 +447,7 @@ class Query < ActiveRecord::Base | |||
| # Admin can edit them all and regular users can edit their private queries | |||
| return true if user.admin? || (is_private? && self.user_id == user.id) | |||
| # Members can not edit public queries that are for all project (only admin is allowed to) | |||
| is_public? && !@is_for_all && user.allowed_to?(:manage_public_queries, project) | |||
| is_public? && !is_global? && user.allowed_to?(:manage_public_queries, project) | |||
| end | |||
| def trackers | |||
+ 21
- 1
test/unit/query_test.rb
Voir le fichier
| @@ -1742,9 +1742,29 @@ class QueryTest < ActiveSupport::TestCase | |||
| assert q.editable_by?(admin) | |||
| assert !q.editable_by?(manager) | |||
| assert q.editable_by?(developer) | |||
| end | |||
| def test_editable_by_for_global_query | |||
| admin = User.find(1) | |||
| manager = User.find(2) | |||
| developer = User.find(3) | |||
| # Public query for all projects | |||
| q = IssueQuery.find(4) | |||
| q.project = Project.find(1) | |||
| assert q.editable_by?(admin) | |||
| assert !q.editable_by?(manager) | |||
| assert !q.editable_by?(developer) | |||
| end | |||
| def test_editable_by_for_global_query_with_project_set | |||
| admin = User.find(1) | |||
| manager = User.find(2) | |||
| developer = User.find(3) | |||
| q = IssueQuery.find(4) | |||
| q.project = Project.find(1) | |||
| assert q.editable_by?(admin) | |||
| assert !q.editable_by?(manager) | |||
| assert !q.editable_by?(developer) | |||
Chargement…