Fix that Log time and/or Add notes sections from issue form page do not show or hide dynamically based on user permission (#34641).

git-svn-id: https://svn.redmine.org/redmine/trunk@21495 e93f8b46-1217-0410-a6f0-8f06a7374b81

5 files changed, 55 insertions, 13 deletions

diff --git a/app/views/issues/_edit.html.erb b/app/views/issues/_edit.html.erb
index 954f606f3..226b6f988 100644
--- a/app/views/issues/_edit.html.erb
+++ b/app/views/issues/_edit.html.erb
@@ -9,8 +9,8 @@
         </div>
         </fieldset>
     <% end %>
-    <% if User.current.allowed_to?(:log_time, @project) %>
-        <fieldset class="tabular"><legend><%= l(:button_log_time) %></legend>
+    <% if User.current.allowed_to?(:log_time, @issue.project) %>
+        <fieldset class="tabular" id="log_time"><legend><%= l(:button_log_time) %></legend>
         <%= labelled_fields_for :time_entry, @time_entry do |time_entry| %>
         <div class="splitcontent">
         <div class="splitcontentleft">
@@ -28,7 +28,7 @@
     </fieldset>
     <% end %>
     <% if @issue.notes_addable? %>
-      <fieldset><legend><%= l(:field_notes) %></legend>
+      <fieldset id="add_notes"><legend><%= l(:field_notes) %></legend>
       <%= f.text_area :notes, :cols => 60, :rows => 10, :class => 'wiki-edit',
             :data => {
                 :auto_complete => true
@@ -43,7 +43,7 @@
       <%= call_hook(:view_issues_edit_notes_bottom, { :issue => @issue, :notes => @notes, :form => f }) %>
       </fieldset>
 
-      <fieldset><legend><%= l(:label_attachment_plural) %></legend>
+      <fieldset id="add_attachments"><legend><%= l(:label_attachment_plural) %></legend>
         <% if @issue.attachments.any? && @issue.safe_attribute?('deleted_attachment_ids') %>
         <div class="contextual"><%= link_to l(:label_edit_attachments), '#', :onclick => "$('#existing-attachments').toggle(); return false;" %></div>
         <div id="existing-attachments" style="<%= @issue.deleted_attachment_ids.blank? ? 'display:none;' : '' %>">
diff --git a/app/views/issues/edit.js.erb b/app/views/issues/edit.js.erb
index 8c94aeceb..ed8fc3ca8 100644
--- a/app/views/issues/edit.js.erb
+++ b/app/views/issues/edit.js.erb
@@ -1,7 +1 @@
-replaceIssueFormWith('<%= escape_javascript(render :partial => 'form') %>');
-
-<% if User.current.allowed_to?(:log_time, @issue.project) %>
-  $('#log_time').show();
-<% else %>
-  $('#log_time').hide();
-<% end %>
+replaceIssueFormWith('<%= escape_javascript(render :partial => 'edit') %>');
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 91da19229..efff38da7 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -622,8 +622,13 @@ function replaceIssueFormWith(html){
       replacement.find('#'+object_id).val($(this).val());
     }
   });
-  $('#all_attributes').empty();
-  $('#all_attributes').prepend(replacement);
+
+  if ($('form.new_issue').length > 0) {
+    $('#all_attributes').empty();
+    $('#all_attributes').prepend(replacement);
+  } else {
+    $('#issue-form').replaceWith(replacement);
+  }
 }
 
 function updateBulkEditFrom(url) {
diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index a8b6f55d5..d813f0ce3 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -81,6 +81,12 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
     assert_equal '/my/page', current_path
   end
 
+  def wait_for_ajax
+    Timeout.timeout(Capybara.default_max_wait_time) do
+      loop until page.evaluate_script("jQuery.active").zero?
+    end
+  end
+
   def clear_downloaded_files
     FileUtils.rm downloaded_files
   end
diff --git a/test/system/issues_test.rb b/test/system/issues_test.rb
index 4d0486088..935470e1a 100644
--- a/test/system/issues_test.rb
+++ b/test/system/issues_test.rb
@@ -587,4 +587,41 @@ class IssuesSystemTest < ApplicationSystemTestCase
       assert page.has_text? 'Related to Bug #7'
     end
   end
+
+  def test_update_issue_form_should_include_time_entry_form_only_for_users_with_permission
+    log_user('jsmith', 'jsmith')
+
+    visit '/issues/2'
+    page.first(:link, 'Edit').click
+
+    # assert log time form exits for user with required permissions on the current project
+    assert page.has_css?('#log_time')
+
+    # Change project to trigger an update on issue form
+    page.find('#issue_project_id').select('» Private child of eCookbook')
+    wait_for_ajax
+
+    # assert log time form does not exist anymore for user without required permissions on the new project
+    assert_not page.has_css?('#log_time')
+  end
+
+  def test_update_issue_form_should_include_add_notes_form_only_for_users_with_permission
+    log_user('jsmith', 'jsmith')
+
+    visit '/issues/2'
+    page.first(:link, 'Edit').click
+
+    # assert add notes form exits for user with required permissions on the current project
+    assert page.has_css?('#add_notes')
+
+    # remove add issue notes permission from Manager role
+    Role.find_by_name('Manager').remove_permission! :add_issue_notes
+
+    # Change project to trigger an update on issue form
+    page.find('#issue_project_id').select('» Private child of eCookbook')
+    wait_for_ajax
+
+    # assert add notes form does not exist anymore for user without required permissions on the new project
+    assert_not page.has_css?('#add_notes')
+  end
 end