Browse Source
Merged r20970 from trunk to 4.2-stable (#35045).
git-svn-id: http://svn.redmine.org/redmine/branches/4.2-stable@20971 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.2.1
Go MAEDA
3 years ago
2 changed files with 5 additions and 4 deletions
+ 1
- 2
app/models/mail_handler.rb
View File
| @@ -225,8 +225,7 @@ class MailHandler < ActionMailer::Base | |||
| # check permission | |||
| unless handler_options[:no_permission_check] | |||
| unless user.allowed_to?(:add_issue_notes, issue.project) || | |||
| user.allowed_to?(:edit_issues, issue.project) | |||
| unless issue.notes_addable? | |||
| raise UnauthorizedAction, "not allowed to add notes on issues to project [#{issue.project.name}]" | |||
| end | |||
| end | |||
+ 4
- 2
test/unit/mail_handler_test.rb
View File
| @@ -1051,9 +1051,11 @@ class MailHandlerTest < ActiveSupport::TestCase | |||
| end | |||
| end | |||
| def test_reply_to_a_issue_without_permission | |||
| def test_reply_to_an_issue_without_permission | |||
| set_tmp_attachments_directory | |||
| Role.all.each {|r| r.remove_permission! :add_issue_notes, :edit_issues} | |||
| # "add_issue_notes" permission is explicit required to allow users to add notes | |||
| # "edit_issue" permission no longer includes the "add_issue_notes" permission | |||
| Role.all.each {|r| r.remove_permission! :add_issue_notes} | |||
| assert_no_difference 'Issue.count' do | |||
| assert_no_difference 'Journal.count' do | |||
| assert_not submit_email('ticket_reply_with_status.eml') | |||
Loading…