diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-09-21 20:32:11 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2015-09-21 20:32:11 +0000 |
| commit | 64a80066bd8681f477f675a960f2b258c285044c (patch) | |
| tree | 72f38eeb36302ce61035a5135a0b1496e7a6d590 | |
| parent | aa096cb0cc96c0b7f12274dcf7bbd3d8e3e44948 (diff) | |
| download | redmine-64a80066bd8681f477f675a960f2b258c285044c.tar.gz redmine-64a80066bd8681f477f675a960f2b258c285044c.zip | |
Error message when editing a child project without add project/subprojects permissions (#20282).
git-svn-id: http://svn.redmine.org/redmine/trunk@14619 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/models/project.rb | 14 | ||||
| -rw-r--r-- | test/functional/projects_controller_test.rb | 11 | ||||
| -rw-r--r-- | test/object_helpers.rb | 5 |
3 files changed, 23 insertions, 7 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index 18c4a20c9..2704be247 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -700,12 +700,14 @@ class Project < ActiveRecord::Base attrs = attrs.deep_dup @unallowed_parent_id = nil - parent_id_param = attrs['parent_id'].to_s - if parent_id_param.blank? || parent_id_param != parent_id.to_s - p = parent_id_param.present? ? Project.find_by_id(parent_id_param) : nil - unless allowed_parents(user).include?(p) - attrs.delete('parent_id') - @unallowed_parent_id = true + if new_record? || attrs.key?('parent_id') + parent_id_param = attrs['parent_id'].to_s + if new_record? || parent_id_param != parent_id.to_s + p = parent_id_param.present? ? Project.find_by_id(parent_id_param) : nil + unless allowed_parents(user).include?(p) + attrs.delete('parent_id') + @unallowed_parent_id = true + end end end diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb index cfc93face..b711d5e1e 100644 --- a/test/functional/projects_controller_test.rb +++ b/test/functional/projects_controller_test.rb @@ -495,6 +495,17 @@ class ProjectsControllerTest < ActionController::TestCase assert_equal 'eCookbook', Project.find(1).name end + def test_update_child_project_without_parent_permission_should_not_show_validation_error + child = Project.generate_with_parent! + user = User.generate! + User.add_to_project(user, child, Role.generate!(:permissions => [:edit_project])) + @request.session[:user_id] = user.id + + post :update, :id => child.id, :project => {:name => 'Updated'} + assert_response 302 + assert_match /Successful update/, flash[:notice] + end + def test_modules @request.session[:user_id] = 2 Project.find(1).enabled_module_names = ['issue_tracking', 'news'] diff --git a/test/object_helpers.rb b/test/object_helpers.rb index 82d8d20fc..905ab0998 100644 --- a/test/object_helpers.rb +++ b/test/object_helpers.rb @@ -39,7 +39,10 @@ module ObjectHelpers project end - def Project.generate_with_parent!(parent, attributes={}) + def Project.generate_with_parent!(*args) + attributes = args.last.is_a?(Hash) ? args.pop : {} + parent = args.size > 0 ? args.first : Project.generate! + project = Project.generate!(attributes) do |p| p.parent = parent end |