author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-12-15 10:41:49 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2011-12-15 10:41:49 +0000 |
commit | b6e6f557f01bebcd90e034e4b6cc5b755a95c006 (patch) | |
tree | 38b97ccf7c7f6efdf78b66b84b1e14e0e857b0b0 | |
parent | 31f2e848b56b8ed260128ba0d9fc245b06800e09 (diff) | |
Display issue form fields according to permissions.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@8227 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/models/issue.rb | 1 | ||||
-rw-r--r-- | app/views/issues/_attributes.html.erb | 27 | ||||
-rw-r--r-- | app/views/issues/_edit.html.erb | 2 | ||||
-rw-r--r-- | app/views/issues/_form.html.erb | 11 | ||||
-rw-r--r-- | app/views/issues/_form_update.html.erb | 14 | ||||
-rw-r--r-- | test/functional/issues_controller_test.rb | 130 |
6 files changed, 162 insertions, 23 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index dcafade15..9b6be7db6 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -283,6 +283,7 @@ class Issue < ActiveRecord::Base 'assigned_to_id', 'fixed_version_id', 'done_ratio', + 'lock_version', :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? } safe_attributes 'watcher_user_ids', diff --git a/app/views/issues/_attributes.html.erb b/app/views/issues/_attributes.html.erb index 6303ccf79..802c7194a 100644 --- a/app/views/issues/_attributes.html.erb +++ b/app/views/issues/_attributes.html.erb @@ -1,15 +1,21 @@ <% labelled_fields_for :issue, @issue do |f| %> <div class="splitcontentleft"> -<% if @issue.new_record? || @allowed_statuses.any? %> +<% if @issue.safe_attribute? 'status_id' %> <p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p> <% else %> <p><label><%= l(:field_status) %></label> <%= h(@issue.status.name) %></p> <% end %> +<% if @issue.safe_attribute? 'priority_id' %> <p><%= f.select :priority_id, (@priorities.collect {|p| [p.name, p.id]}), {:required => true}, :disabled => !@issue.leaf? %></p> +<% end %> + +<% if @issue.safe_attribute? 'assigned_to_id' %> <p><%= f.select :assigned_to_id, principals_options_for_select(@issue.assignable_users, @issue.assigned_to), :include_blank => true %></p> -<% unless @project.issue_categories.empty? %> +<% end %> + +<% if @issue.safe_attribute?('category_id') && @project.issue_categories.any? %> <p><%= f.select :category_id, (@project.issue_categories.collect {|c| [c.name, c.id]}), :include_blank => true %> <%= prompt_to_remote(image_tag('add.png', :style => 'vertical-align: middle;'), l(:label_issue_category_new), 
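Review bot: The added `'lock_version'` entry has no comment saying why a locking token is whitelisted alongside the workflow fields in this `safe_attributes` group. I would add a line above it such as `# lock_version: keeps the stale-update check working for users who may only change workflow fields`. This assumes the edit form submits `lock_version` and that the model uses it for optimistic locking, neither of which is visible here. The `safe_attributes` call itself starts above the hunk.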
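Review bot: The status `<select>` is now rendered whenever `@issue.safe_attribute? 'status_id'` is true, but its options still come from `@allowed_statuses`, which the old condition checked with `.any?`. If `status_id` can be safe through a rule other than the workflow one (the issue.rb hunk suggests there are several `safe_attributes` groups), an existing issue with no allowed transitions would get a required select with no options instead of the read-only status label. Keeping the old test next to the new one avoids that: `<% if @issue.safe_attribute?('status_id') && (@issue.new_record? || @allowed_statuses.any?) %>`. That also matches how `category_id` and `fixed_version_id` are gated in this file. The hunk ends inside the `prompt_to_remote` call, so the rest of that block is not in view.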
@@ -18,7 +24,8 @@ :title => l(:label_issue_category_new), :tabindex => 199) if authorize_for('issue_categories', 'new') %></p> <% end %> -<% unless @issue.assignable_versions.empty? %> + +<% if @issue.safe_attribute?('fixed_version_id') && @issue.assignable_versions.any? %> <p><%= f.select :fixed_version_id, version_options_for_select(@issue.assignable_versions, @issue.fixed_version), :include_blank => true %> <%= prompt_to_remote(image_tag('add.png', :style => 'vertical-align: middle;'), l(:label_version_new), @@ -36,15 +43,27 @@ <div id="parent_issue_candidates" class="autocomplete"></div> <%= javascript_tag "observeParentIssueField('#{auto_complete_issues_path(:id => @issue, :project_id => @project) }')" %> <% end %> + +<% if @issue.safe_attribute? 'start_date' %> <p><%= f.text_field :start_date, :size => 10, :disabled => !@issue.leaf? %><%= calendar_for('issue_start_date') if @issue.leaf? %></p> +<% end %> + +<% if @issue.safe_attribute? 'due_date' %> <p><%= f.text_field :due_date, :size => 10, :disabled => !@issue.leaf? %><%= calendar_for('issue_due_date') if @issue.leaf? %></p> +<% end %> + +<% if @issue.safe_attribute? 'estimated_hours' %> <p><%= f.text_field :estimated_hours, :size => 3, :disabled => !@issue.leaf? %> <%= l(:field_hours) %></p> -<% if @issue.leaf? && Issue.use_field_for_done_ratio? %> +<% end %> + +<% if @issue.safe_attribute?('done_ratio') && @issue.leaf? && Issue.use_field_for_done_ratio? %> <p><%= f.select :done_ratio, ((0..10).to_a.collect {|r| ["#{r*10} %", r*10] }) %></p> <% end %> </div> <div style="clear:both;"> </div> +<% if @issue.safe_attribute? 'custom_field_values' %> <%= render :partial => 'issues/form_custom_fields' %> +<% end %> <% end %> diff --git a/app/views/issues/_edit.html.erb b/app/views/issues/_edit.html.erb index ffffeb175..7e1d04826 100644 --- a/app/views/issues/_edit.html.erb +++ b/app/views/issues/_edit.html.erb 
@@ -3,7 +3,7 @@ <div class="box"> <% if @edit_allowed || !@allowed_statuses.empty? %> <fieldset class="tabular"><legend><%= l(:label_change_properties) %></legend> - <%= render :partial => (@edit_allowed ? 'form' : 'form_update'), :locals => {:f => f} %> + <%= render :partial => 'form', :locals => {:f => f} %> </fieldset> <% end %> <% if User.current.allowed_to?(:log_time, @project) %> diff --git a/app/views/issues/_form.html.erb b/app/views/issues/_form.html.erb index 4b4cbccb0..e63adfbb3 100644 --- a/app/views/issues/_form.html.erb +++ b/app/views/issues/_form.html.erb @@ -5,12 +5,19 @@ <label class="inline" for="issue_is_private" id="issue_is_private_label"><%= f.check_box :is_private, :no_label => true %> <%= l(:field_is_private) %></label> </p> <% end %> + +<% if @issue.safe_attribute? 'tracker_id' %> <p><%= f.select :tracker_id, @project.trackers.collect {|t| [t.name, t.id]}, :required => true %></p> <%= observe_field :issue_tracker_id, :url => project_issue_form_path(@project, :id => @issue), :update => :attributes, :with => "Form.serialize('issue-form')" %> +<% end %> +<% if @issue.safe_attribute? 'subject' %> <p><%= f.text_field :subject, :size => 80, :required => true %></p> +<% end %> + +<% if @issue.safe_attribute? 'description' %> <p> <label><%= l(:field_description) %></label> <%= link_to_function image_tag('edit.png'), @@ -24,11 +31,11 @@ :no_label => true %> <% end %> </p> +<%= wikitoolbar_for 'issue_description' %> +<% end %> <div id="attributes" class="attributes"> <%= render :partial => 'issues/attributes' %> </div> <%= call_hook(:view_issues_form_details_bottom, { :issue => @issue, :form => f }) %> - -<%= wikitoolbar_for 'issue_description' %> diff --git a/app/views/issues/_form_update.html.erb b/app/views/issues/_form_update.html.erb deleted file mode 100644 index 7c96317f7..000000000 --- a/app/views/issues/_form_update.html.erb +++ /dev/null 
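Review bot: `call_hook(:view_issues_form_details_bottom, ...)` stays unconditional in `_form.html.erb`, and with the `_edit.html.erb` change it is now rendered for users who used to get `_form_update`, which had no hook call. Whatever a plugin listener emits there is not covered by the `safe_attribute?` checks added around the core fields. I would add a comment above the call, `<%# Also rendered for users with workflow-only access; hook listeners must do their own permission checks %>`, and mention the change in the plugin-facing notes. Whether any listener actually renders editable fields cannot be told from this diff.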
@@ -1,14 +0,0 @@ -<div class="attributes"> -<div class="splitcontentleft"> -<p><%= f.select :status_id, (@allowed_statuses.collect {|p| [p.name, p.id]}), :required => true %></p> -<p><%= f.select :assigned_to_id, principals_options_for_select(@issue.assignable_users, @issue.assigned_to), :include_blank => true %></p> -</div> -<div class="splitcontentright"> -<% if Issue.use_field_for_done_ratio? %> -<p><%= f.select :done_ratio, ((0..10).to_a.collect {|r| ["#{r*10} %", r*10] }) %></p> -<% end %> -<% unless @issue.assignable_versions.empty? %> -<p><%= f.select :fixed_version_id, (@issue.assignable_versions.collect {|v| [v.name, v.id]}), :include_blank => true %></p> -<% end %> -</div> -</div> diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb index 12f5d37b2..fb32a9db4 100644 --- a/test/functional/issues_controller_test.rb +++ b/test/functional/issues_controller_test.rb 
@@ -714,6 +714,93 @@ class IssuesControllerTest < ActionController::TestCase :content => /Notes/ } } end + def test_show_should_display_update_form + @request.session[:user_id] = 2 + get :show, :id => 1 + assert_response :success + + assert_tag 'form', :attributes => {:id => 'issue-form'} + assert_tag 'input', :attributes => {:name => 'issue[is_private]'} + assert_tag 'select', :attributes => {:name => 'issue[tracker_id]'} + assert_tag 'input', :attributes => {:name => 'issue[subject]'} + assert_tag 'textarea', :attributes => {:name => 'issue[description]'} + assert_tag 'select', :attributes => {:name => 'issue[status_id]'} + assert_tag 'select', :attributes => {:name => 'issue[priority_id]'} + assert_tag 'select', :attributes => {:name => 'issue[assigned_to_id]'} + assert_tag 'select', :attributes => {:name => 'issue[category_id]'} + assert_tag 'select', :attributes => {:name => 'issue[fixed_version_id]'} + assert_tag 'input', :attributes => {:name => 'issue[parent_issue_id]'} + assert_tag 'input', :attributes => {:name => 'issue[start_date]'} + assert_tag 'input', :attributes => {:name => 'issue[due_date]'} + assert_tag 'select', :attributes => {:name => 'issue[done_ratio]'} + assert_tag 'input', :attributes => { :name => 'issue[custom_field_values][2]' } + assert_no_tag 'input', :attributes => {:name => 'issue[watcher_user_ids][]'} + assert_tag 'textarea', :attributes => {:name => 'notes'} + end + + def test_show_should_display_update_form_with_minimal_permissions + Role.find(1).update_attribute :permissions, [:view_issues, :add_issue_notes] + Workflow.delete_all :role_id => 1 + + @request.session[:user_id] = 2 + get :show, :id => 1 + assert_response :success + + assert_tag 'form', :attributes => {:id => 'issue-form'} + assert_no_tag 'input', :attributes => {:name => 'issue[is_private]'} + assert_no_tag 'select', :attributes => {:name => 'issue[tracker_id]'} + assert_no_tag 'input', :attributes => {:name => 'issue[subject]'} + assert_no_tag 'textarea', 
:attributes => {:name => 'issue[description]'} + assert_no_tag 'select', :attributes => {:name => 'issue[status_id]'} + assert_no_tag 'select', :attributes => {:name => 'issue[priority_id]'} + assert_no_tag 'select', :attributes => {:name => 'issue[assigned_to_id]'} + assert_no_tag 'select', :attributes => {:name => 'issue[category_id]'} + assert_no_tag 'select', :attributes => {:name => 'issue[fixed_version_id]'} + assert_no_tag 'input', :attributes => {:name => 'issue[parent_issue_id]'} + assert_no_tag 'input', :attributes => {:name => 'issue[start_date]'} + assert_no_tag 'input', :attributes => {:name => 'issue[due_date]'} + assert_no_tag 'select', :attributes => {:name => 'issue[done_ratio]'} + assert_no_tag 'input', :attributes => { :name => 'issue[custom_field_values][2]' } + assert_no_tag 'input', :attributes => {:name => 'issue[watcher_user_ids][]'} + assert_tag 'textarea', :attributes => {:name => 'notes'} + end + + def test_show_should_display_update_form_with_workflow_permissions + Role.find(1).update_attribute :permissions, [:view_issues, :add_issue_notes] + + @request.session[:user_id] = 2 + get :show, :id => 1 + assert_response :success + + assert_tag 'form', :attributes => {:id => 'issue-form'} + assert_no_tag 'input', :attributes => {:name => 'issue[is_private]'} + assert_no_tag 'select', :attributes => {:name => 'issue[tracker_id]'} + assert_no_tag 'input', :attributes => {:name => 'issue[subject]'} + assert_no_tag 'textarea', :attributes => {:name => 'issue[description]'} + assert_tag 'select', :attributes => {:name => 'issue[status_id]'} + assert_no_tag 'select', :attributes => {:name => 'issue[priority_id]'} + assert_tag 'select', :attributes => {:name => 'issue[assigned_to_id]'} + assert_no_tag 'select', :attributes => {:name => 'issue[category_id]'} + assert_tag 'select', :attributes => {:name => 'issue[fixed_version_id]'} + assert_no_tag 'input', :attributes => {:name => 'issue[parent_issue_id]'} + assert_no_tag 'input', :attributes => {:name 
=> 'issue[start_date]'} + assert_no_tag 'input', :attributes => {:name => 'issue[due_date]'} + assert_tag 'select', :attributes => {:name => 'issue[done_ratio]'} + assert_no_tag 'input', :attributes => { :name => 'issue[custom_field_values][2]' } + assert_no_tag 'input', :attributes => {:name => 'issue[watcher_user_ids][]'} + assert_tag 'textarea', :attributes => {:name => 'notes'} + end + + def test_show_should_not_display_update_form_without_permissions + Role.find(1).update_attribute :permissions, [:view_issues] + + @request.session[:user_id] = 2 + get :show, :id => 1 + assert_response :success + + assert_no_tag 'form', :attributes => {:id => 'issue-form'} + end + def test_update_form_should_not_display_inactive_enumerations @request.session[:user_id] = 2 get :show, :id => 1 
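Review bot: The three new `test_show_should_display_update_form*` tests, and `test_get_new_with_minimal_permissions` in the last hunk, only assert which inputs are rendered; none of them submits a field that was hidden. Hiding an input does not stop a client from sending `issue[subject]` anyway, so the property worth pinning is that the update ignores it for a role limited to `[:view_issues, :add_issue_notes]`. If the file has no such test outside these hunks, I would add one next to these, as sketched below. It reuses the role, user and issue ids from the new tests.

```ruby
def test_put_update_with_minimal_permissions_should_ignore_hidden_attributes
  Role.find(1).update_attribute :permissions, [:view_issues, :add_issue_notes]
  Workflow.delete_all :role_id => 1
  @request.session[:user_id] = 2

  subject_before = Issue.find(1).subject
  put :update, :id => 1, :notes => 'note', :issue => {:subject => 'Changed by form tampering'}

  assert_equal subject_before, Issue.find(1).subject
end
```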
@@ -855,8 +942,21 @@ class IssuesControllerTest < ActionController::TestCase assert_response :success assert_template 'new' - assert_tag :tag => 'input', :attributes => { :name => 'issue[custom_field_values][2]', - :value => 'Default string' } + assert_tag 'input', :attributes => {:name => 'issue[is_private]'} + assert_tag 'select', :attributes => {:name => 'issue[tracker_id]'} + assert_tag 'input', :attributes => {:name => 'issue[subject]'} + assert_tag 'textarea', :attributes => {:name => 'issue[description]'} + assert_tag 'select', :attributes => {:name => 'issue[status_id]'} + assert_tag 'select', :attributes => {:name => 'issue[priority_id]'} + assert_tag 'select', :attributes => {:name => 'issue[assigned_to_id]'} + assert_tag 'select', :attributes => {:name => 'issue[category_id]'} + assert_tag 'select', :attributes => {:name => 'issue[fixed_version_id]'} + assert_tag 'input', :attributes => {:name => 'issue[parent_issue_id]'} + assert_tag 'input', :attributes => {:name => 'issue[start_date]'} + assert_tag 'input', :attributes => {:name => 'issue[due_date]'} + assert_tag 'select', :attributes => {:name => 'issue[done_ratio]'} + assert_tag 'input', :attributes => { :name => 'issue[custom_field_values][2]', :value => 'Default string' } + assert_tag 'input', :attributes => {:name => 'issue[watcher_user_ids][]'} # Be sure we don't display inactive IssuePriorities assert ! IssuePriority.find(15).active? 
@@ -864,6 +964,32 @@ class IssuesControllerTest < ActionController::TestCase :parent => {:tag => 'select', :attributes => {:id => 'issue_priority_id'} } end + def test_get_new_with_minimal_permissions + Role.find(1).update_attribute :permissions, [:add_issues] + Workflow.delete_all :role_id => 1 + + @request.session[:user_id] = 2 + get :new, :project_id => 1, :tracker_id => 1 + assert_response :success + assert_template 'new' + + assert_no_tag 'input', :attributes => {:name => 'issue[is_private]'} + assert_tag 'select', :attributes => {:name => 'issue[tracker_id]'} + assert_tag 'input', :attributes => {:name => 'issue[subject]'} + assert_tag 'textarea', :attributes => {:name => 'issue[description]'} + assert_tag 'select', :attributes => {:name => 'issue[status_id]'} + assert_tag 'select', :attributes => {:name => 'issue[priority_id]'} + assert_tag 'select', :attributes => {:name => 'issue[assigned_to_id]'} + assert_tag 'select', :attributes => {:name => 'issue[category_id]'} + assert_tag 'select', :attributes => {:name => 'issue[fixed_version_id]'} + assert_no_tag 'input', :attributes => {:name => 'issue[parent_issue_id]'} + assert_tag 'input', :attributes => {:name => 'issue[start_date]'} + assert_tag 'input', :attributes => {:name => 'issue[due_date]'} + assert_tag 'select', :attributes => {:name => 'issue[done_ratio]'} + assert_tag 'input', :attributes => { :name => 'issue[custom_field_values][2]', :value => 'Default string' } + assert_no_tag 'input', :attributes => {:name => 'issue[watcher_user_ids][]'} + end + def test_get_new_without_default_start_date_is_creation_date Setting.default_issue_start_date_to_creation_date = 0 |