Reverts r19569 (#33071).

404 error after deleting an attachment.


git-svn-id: http://svn.redmine.org/redmine/trunk@19579 e93f8b46-1217-0410-a6f0-8f06a7374b81

14 files changed, 2 insertions, 47 deletions

diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 62b5b58be..db90b55da 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -25,8 +25,6 @@ class AttachmentsController < ApplicationController
   before_action :delete_authorize, :only => :destroy
   before_action :authorize_global, :only => :upload
 
-  require_sudo_mode :destroy
-
   # Disable check for same origin requests for JS files, i.e. attachments with
   # MIME type text/javascript.
   skip_after_action :verify_same_origin_request, :only => :download
diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index 7b3931619..86eb3d278 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -22,8 +22,6 @@ class BoardsController < ApplicationController
   before_action :find_project_by_project_id, :find_board_if_available, :authorize
   accept_rss_auth :index, :show
 
-  require_sudo_mode :destroy
-
   helper :sort
   include SortHelper
   helper :watchers
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 748cb1187..f0b9a9271 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -24,8 +24,6 @@ class CommentsController < ApplicationController
   before_action :find_project_from_association
   before_action :authorize
 
-  require_sudo_mode :destroy
-
   def create
     raise Unauthorized unless @news.commentable?
 
diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb
index 235a6e5f0..b9e2633cc 100644
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -25,8 +25,6 @@ class DocumentsController < ApplicationController
   before_action :find_project_from_association, :except => [:index, :new, :create]
   before_action :authorize
 
-  require_sudo_mode :destroy
-
   helper :attachments
   helper :custom_fields
 
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 83dee63e5..0d1acc95b 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -28,8 +28,6 @@ class IssuesController < ApplicationController
   accept_rss_auth :index, :show
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 
   helper :journals
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index e36c05a95..69af02066 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -25,8 +25,6 @@ class MessagesController < ApplicationController
   before_action :find_message, :except => [:new, :preview]
   before_action :authorize, :except => [:preview, :edit, :destroy]
 
-  require_sudo_mode :destroy
-
   helper :boards
   helper :watchers
   helper :attachments
diff --git a/app/controllers/news_controller.rb b/app/controllers/news_controller.rb
index deecca692..511f10ddb 100644
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -28,8 +28,6 @@ class NewsController < ApplicationController
   accept_rss_auth :index
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   helper :watchers
   helper :attachments
 
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 81fe6c5a7..0da256953 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -36,8 +36,6 @@ class RepositoriesController < ApplicationController
   before_action :authorize
   accept_rss_auth :revisions
 
-  require_sudo_mode :destroy
-
   rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
 
   def new
diff --git a/app/controllers/timelog_controller.rb b/app/controllers/timelog_controller.rb
index 709c9aa94..d304fe3b2 100644
--- a/app/controllers/timelog_controller.rb
+++ b/app/controllers/timelog_controller.rb
@@ -33,8 +33,6 @@ class TimelogController < ApplicationController
   accept_rss_auth :index
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 
   helper :issues
diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb
index 7554014f6..16dd35c99 100644
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -27,8 +27,6 @@ class VersionsController < ApplicationController
 
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   helper :custom_fields
   helper :projects
 
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index a40563790..527f0b821 100644
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -39,8 +39,6 @@ class WikiController < ApplicationController
   before_action :find_attachments, :only => [:preview]
   accept_api_auth :index, :show, :update, :destroy
 
-  require_sudo_mode :destroy, :destroy_version
-
   helper :attachments
   include AttachmentsHelper
   helper :watchers
diff --git a/app/controllers/wikis_controller.rb b/app/controllers/wikis_controller.rb
index fd52a09b1..edca739c6 100644
--- a/app/controllers/wikis_controller.rb
+++ b/app/controllers/wikis_controller.rb
@@ -21,8 +21,6 @@ class WikisController < ApplicationController
   menu_item :settings
   before_action :find_project, :authorize
 
-  require_sudo_mode :destroy, only: :post
-
   # Delete a project's wiki
   def destroy
     if request.post? && params[:confirm] && @project.wiki
diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index f96f48f87..a8b6be83c 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -169,8 +169,7 @@ default:
 
   # Requires users to re-enter their password for sensitive actions (editing
   # of account data, project memberships, application settings, user, group,
-  # role, auth source management, project deletion and deletion of contents
-  # such as issues, attachments and wiki pages). Disabled by default.
+  # role, auth source management and project deletion). Disabled by default.
   # Timeout is set in minutes.
   #
   #sudo_mode: true
diff --git a/test/integration/sudo_mode_test.rb b/test/integration/sudo_mode_test.rb
index 389bc9daf..a2ff7cd09 100644
--- a/test/integration/sudo_mode_test.rb
+++ b/test/integration/sudo_mode_test.rb
@@ -3,9 +3,7 @@
 require File.expand_path('../../test_helper', __FILE__)
 
 class SudoModeTest < Redmine::IntegrationTest
-  fixtures :projects, :members, :member_roles, :roles, :users,
-           :email_addresses, :trackers, :projects_trackers, :enabled_modules,
-           :issue_statuses, :issues, :enumerations
+  fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses
 
   def setup
     Redmine::SudoMode.stubs(:enabled?).returns(true)
@@ -194,24 +192,6 @@ class SudoModeTest < Redmine::IntegrationTest
     end
   end
 
-  def test_destroy_issue
-    log_user 'dlopper', 'foo'
-    expire_sudo_mode!
-    delete '/issues/2'
-    assert_response :success
-    assert_select 'h2', 'Confirm your password to continue'
-    assert_select 'form[action="/issues/2"]'
-    assert_select '#flash_error', 0
-
-    delete '/issues/2', :params => {:sudo_password => 'wrong'}
-    assert_response :success
-    assert_select 'h2', 'Confirm your password to continue'
-
-    assert_difference 'Issue.count', -1 do
-      delete '/issues/2', :params => {:sudo_password => 'foo'}
-    end
-  end
-
   private
 
   # sudo mode is active after sign, let it expire by advancing the time