git-svn-id: http://svn.redmine.org/redmine/trunk@16721 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.0.0
@@ -98,14 +98,4 @@ class NewsController < ApplicationController | |||
@news.destroy | |||
redirect_to project_news_index_path(@project) | |||
end | |||
private | |||
def find_optional_project | |||
return true unless params[:project_id] | |||
@project = Project.find(params[:project_id]) | |||
authorize | |||
rescue ActiveRecord::RecordNotFound | |||
render_404 | |||
end | |||
end |
@@ -217,6 +217,7 @@ Redmine::MenuManager.map :application_menu do |menu| | |||
menu.push :calendar, { :controller => 'calendars', :action => 'show' }, :caption => :label_calendar | |||
menu.push :news, {:controller => 'news', :action => 'index'}, | |||
:if => Proc.new {User.current.allowed_to?(:view_news, nil, :global => true)}, | |||
:caption => :label_news_plural | |||
end | |||
@@ -47,6 +47,14 @@ class NewsControllerTest < Redmine::ControllerTest | |||
assert_response 404 | |||
end | |||
def test_index_without_permission_should_fail | |||
Role.all.each {|r| r.remove_permission! :view_news} | |||
@request.session[:user_id] = 2 | |||
get :index | |||
assert_response 403 | |||
end | |||
def test_show | |||
get :show, :params => { | |||
:id => 1 |