summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2016-08-30 19:32:52 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2016-08-30 19:32:52 +0000
commitb405a0be535b365276dfdfbf092107bb07c70713 (patch)
tree8133315a6bef62314521b3d723c5adbadaf421ed
parent9f9232381ab6fc11a1d8a06bdbfb33d54d4e3623 (diff)
downloadredmine-b405a0be535b365276dfdfbf092107bb07c70713.tar.gz
redmine-b405a0be535b365276dfdfbf092107bb07c70713.zip
Disable "Select project modules" permission does not apply to the new project form (#23470).
git-svn-id: http://svn.redmine.org/redmine/trunk@15752 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/models/project.rb20
-rw-r--r--app/views/projects/_form.html.erb2
-rw-r--r--test/functional/projects_controller_test.rb44
3 files changed, 63 insertions, 3 deletions
diff --git a/app/models/project.rb b/app/models/project.rb
index b6ca8a095..2fc35ec4d 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -500,12 +500,18 @@ class Project < ActiveRecord::Base
# Adds user as a project member with the default role
# Used for when a non-admin user creates a project
def add_default_member(user)
- role = Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+ role = self.class.default_member_role
member = Member.new(:project => self, :principal => user, :roles => [role])
self.members << member
member
end
+ # Default role that is given to non-admin users that
+ # create a project
+ def self.default_member_role
+ Role.givable.find_by_id(Setting.new_project_user_role_id.to_i) || Role.givable.first
+ end
+
# Deletes all project's members
def delete_all_members
me, mr = Member.table_name, MemberRole.table_name
@@ -716,7 +722,17 @@ class Project < ActiveRecord::Base
'default_version_id'
safe_attributes 'enabled_module_names',
- :if => lambda {|project, user| project.new_record? || user.allowed_to?(:select_project_modules, project) }
+ :if => lambda {|project, user|
+ if project.new_record?
+ if user.admin?
+ true
+ else
+ default_member_role.has_permission?(:select_project_modules)
+ end
+ else
+ user.allowed_to?(:select_project_modules, project)
+ end
+ }
safe_attributes 'inherit_members',
:if => lambda {|project, user| project.parent.nil? || project.parent.visible?(user)}
diff --git a/app/views/projects/_form.html.erb b/app/views/projects/_form.html.erb
index b75ce82d6..1e5917e88 100644
--- a/app/views/projects/_form.html.erb
+++ b/app/views/projects/_form.html.erb
@@ -32,7 +32,7 @@
<%= call_hook(:view_projects_form, :project => @project, :form => f) %>
</div>
-<% if @project.new_record? %>
+<% if @project.new_record? && @project.safe_attribute?('enabled_module_names') %>
<fieldset class="box tabular"><legend><%= l(:label_module_plural) %></legend>
<% Redmine::AccessControl.available_project_modules.each do |m| %>
<label class="floating">
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 2a2cbbde3..423a4a045 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -111,6 +111,22 @@ class ProjectsControllerTest < Redmine::ControllerTest
end
end
+ def test_new_by_non_admin_should_display_modules_if_default_role_is_allowed_to_select_modules
+ Role.non_member.add_permission!(:add_project)
+ default_role = Role.generate!(:permissions => [:view_issues])
+ user = User.generate!
+ @request.session[:user_id] = user.id
+
+ with_settings :new_project_user_role_id => default_role.id.to_s do
+ get :new
+ assert_select 'input[name=?]', 'project[enabled_module_names][]', 0
+
+ default_role.add_permission!(:select_project_modules)
+ get :new
+ assert_select 'input[name=?]', 'project[enabled_module_names][]'
+ end
+ end
+
def test_new_should_not_display_invalid_search_link
@request.session[:user_id] = 1
@@ -277,6 +293,34 @@ class ProjectsControllerTest < Redmine::ControllerTest
assert_select_error /Subproject of is invalid/
end
+ def test_create_by_non_admin_should_accept_modules_if_default_role_is_allowed_to_select_modules
+ Role.non_member.add_permission!(:add_project)
+ default_role = Role.generate!(:permissions => [:view_issues, :add_project])
+ user = User.generate!
+ @request.session[:user_id] = user.id
+
+ with_settings :new_project_user_role_id => default_role.id.to_s, :default_projects_modules => %w(news files) do
+ project = new_record(Project) do
+ post :create, :project => {
+ :name => "blog1",
+ :identifier => "blog1",
+ :enabled_module_names => ["issue_tracking", "repository"]
+ }
+ end
+ assert_equal %w(files news), project.enabled_module_names.sort
+
+ default_role.add_permission!(:select_project_modules)
+ project = new_record(Project) do
+ post :create, :project => {
+ :name => "blog2",
+ :identifier => "blog2",
+ :enabled_module_names => ["issue_tracking", "repository"]
+ }
+ end
+ assert_equal %w(issue_tracking repository), project.enabled_module_names.sort
+ end
+ end
+
def test_create_subproject_with_inherit_members_should_inherit_members
Role.find_by_name('Manager').add_permission! :add_subprojects
parent = Project.find(1)