Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@20034 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.2.0
@@ -23,9 +23,9 @@ class ProjectsController < ApplicationController | |||
menu_item :projects, :only => [:index, :new, :copy, :create] | |||
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ] | |||
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy] | |||
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive] | |||
before_action :authorize_global, :only => [:new, :create] | |||
before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ] | |||
before_action :require_admin, :only => [ :copy, :archive, :unarchive ] | |||
accept_rss_auth :index | |||
accept_api_auth :index, :show, :create, :update, :destroy | |||
require_sudo_mode :destroy | |||
@@ -259,11 +259,16 @@ class ProjectsController < ApplicationController | |||
# Delete @project | |||
def destroy | |||
unless @project.deletable? | |||
deny_access | |||
return | |||
end | |||
@project_to_destroy = @project | |||
if api_request? || params[:confirm] | |||
@project_to_destroy.destroy | |||
respond_to do |format| | |||
format.html { redirect_to admin_projects_path } | |||
format.html { redirect_to User.current.admin? ? admin_projects_path : projects_path } | |||
format.api { render_api_ok } | |||
end | |||
end |
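Review bot: The `# Delete @project` comment above `def destroy` no longer tells the reader who may reach the destroy step now that `require_admin` does not cover the action, so the access rule has to be chased into the model; suggest `# Delete @project. Admins may delete any project; other users need the :delete_project permission (enforced by :authorize) and may only delete leaf projects, see Project#deletable?`. The redirect target `User.current.admin? ? admin_projects_path : projects_path` on the `format.html` line is repeated verbatim in the cancel link of the destroy confirmation view (the `@@ -19,6 +19,6 @@` hunk); a small controller method exposed with `helper_method` would keep the two in step. The `deny_access` guard sitting before `@project_to_destroy = @project` is the right order, since nothing is assigned or rendered for a denied user. The `destroy` method continues past the end of the hunk.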
@@ -709,6 +709,14 @@ class Project < ActiveRecord::Base | |||
end | |||
end | |||
def deletable?(user = User.current) | |||
if user.admin? | |||
return true | |||
else | |||
user.allowed_to?(:delete_project, self) && leaf? | |||
end | |||
end | |||
# Return the enabled module with the given name | |||
# or nil if the module is not enabled for the project | |||
def enabled_module(name) |
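Review bot: `deletable?` spells its rule as an `if`/`return true`/`else` block where a single boolean expression reads more directly, `user.admin? || (user.allowed_to?(:delete_project, self) && leaf?)`. The method also has no header comment while its neighbour `enabled_module` does; suggest `# Return true if +user+ may delete the project: admins always, other users only with the :delete_project permission and only when the project has no subprojects`. The `leaf?` restriction looks intended to stop a member from taking subprojects down along with the parent (the controller test for project 1 expects 403), which is worth stating in that comment if it is the reason. `enabled_module` at the end of the hunk continues outside it.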
@@ -19,6 +19,6 @@ | |||
<p> | |||
<%= submit_tag l(:button_delete) %> | |||
<%= link_to l(:button_cancel), :controller => 'admin', :action => 'projects' %> | |||
<%= link_to l(:button_cancel), User.current.admin? ? admin_projects_path : projects_path %> | |||
</p> | |||
<% end %> |
@@ -12,6 +12,9 @@ | |||
<%= link_to l(:button_reopen), reopen_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-unlock' %> | |||
<% end %> | |||
<% end %> | |||
<% if @project.deletable? %> | |||
<%= link_to l(:button_delete), project_path(@project), :method => :delete, :class => 'icon icon-del' %> | |||
<% end %> | |||
<%= link_to_if_authorized l(:label_settings), | |||
{:controller => 'projects', :action => 'settings', :id => @project}, | |||
:class => 'icon icon-settings' if User.current.allowed_to?(:edit_project, @project) %> |
@@ -917,6 +917,7 @@ de: | |||
permission_delete_issues: Tickets löschen | |||
permission_delete_messages: Forenbeiträge löschen | |||
permission_delete_own_messages: Eigene Forenbeiträge löschen | |||
permission_delete_project: Projekt löschen | |||
permission_delete_wiki_pages: Wiki-Seiten löschen | |||
permission_delete_wiki_pages_attachments: Anhänge löschen | |||
permission_delete_documents: Dokumente löschen |
@@ -508,6 +508,7 @@ en: | |||
permission_add_subprojects: Create subprojects | |||
permission_edit_project: Edit project | |||
permission_close_project: Close / reopen the project | |||
permission_delete_project: Delete the project | |||
permission_select_project_modules: Select project modules | |||
permission_manage_members: Manage members | |||
permission_manage_project_activities: Manage project activities |
@@ -84,6 +84,7 @@ Redmine::AccessControl.map do |map| | |||
map.permission :add_project, {:projects => [:new, :create]}, :require => :loggedin | |||
map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member | |||
map.permission :close_project, {:projects => [:close, :reopen]}, :require => :member, :read => true | |||
map.permission :delete_project, {:projects => :destroy}, :require => :member | |||
map.permission :select_project_modules, {:projects => :modules}, :require => :member | |||
map.permission :view_members, {:members => [:index, :show]}, :public => true, :read => true | |||
map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member |
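Review bot: The new `:delete_project` permission line gives no hint that the controller applies a second, stricter check on top of it, so someone auditing the permission map would conclude that a member holding this permission can delete any project they belong to; suggest a comment on the line, `# Non-admin members may only delete leaf projects; see Project#deletable?`. The `:require => :member` choice matches `:edit_project` and `:close_project` above it, and leaving `:read` unset is correct for a destructive action. The `Redmine::AccessControl.map` block starts outside the hunk.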
@@ -10,6 +10,7 @@ roles_001: | |||
- :add_project | |||
- :edit_project | |||
- :close_project | |||
- :delete_project | |||
- :select_project_modules | |||
- :manage_members | |||
- :manage_versions | |||
@@ -77,6 +78,7 @@ roles_002: | |||
permissions: | | |||
--- | |||
- :edit_project | |||
- :delete_project | |||
- :manage_members | |||
- :manage_versions | |||
- :manage_categories |
@@ -1059,6 +1059,40 @@ class ProjectsControllerTest < Redmine::ControllerTest | |||
assert_nil Project.find_by_id(1) | |||
end | |||
def test_destroy_with_normal_user_should_destroy | |||
set_tmp_attachments_directory | |||
@request.session[:user_id] = 2 # non-admin | |||
assert_difference 'Project.count', -1 do | |||
delete( | |||
:destroy, | |||
:params => { | |||
:id => 2, | |||
:confirm => 1 | |||
} | |||
) | |||
assert_redirected_to '/projects' | |||
end | |||
assert_nil Project.find_by_id(2) | |||
end | |||
def test_destroy_with_normal_user_should_not_destroy_with_subprojects | |||
set_tmp_attachments_directory | |||
@request.session[:user_id] = 2 # non-admin | |||
assert_difference 'Project.count', 0 do | |||
delete( | |||
:destroy, | |||
:params => { | |||
:id => 1, | |||
:confirm => 1 | |||
} | |||
) | |||
assert_response 403 | |||
end | |||
assert Project.find(1) | |||
end | |||
def test_archive | |||
@request.session[:user_id] = 1 # admin | |||
post(:archive, :params => {:id => 1}) |
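Review bot: The two new tests cover a permitted non-admin on a leaf project and on a project with subprojects, but nothing exercises the denial path through `:authorize` for a logged-in member whose role lacks `:delete_project`, and the fixture changes in this commit grant it to both roles 1 and 2, so that path currently goes untested. A third test could first remove the permission from the role user 2 holds on the target project, e.g. `Role.find(1).remove_permission!(:delete_project)` (adjust the role id to the membership fixture), then `delete(:destroy, :params => {:id => 2, :confirm => 1})` inside `assert_difference 'Project.count', 0` and `assert_response 403`. The `format.api` branch of `destroy` for a non-admin also has no test.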