author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-12-13 14:01:56 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-12-13 14:01:56 +0000 |
commit | 07b44a46628c1fc5ac9797b3b376f48c986c8d1b (patch) | |
tree | b115048d1d01b1325cf448d68e0b8540ea94c548 | |
parent | 95f58c69d257a9a195ff41d49a95721738841993 (diff) | |
Dropped legacy behaviour that allows a user to edit a few attributes of an issue without the edit_issues permission if a status transition is allowed (#15988).
Now that we can control permission on each field, this behaviour is no longer needed. The edit_issues permission is now required, which is consistent with the current requirements for bulk editing.
git-svn-id: http://svn.redmine.org/redmine/trunk@13746 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/models/issue.rb | 8 | ||||
-rw-r--r-- | app/views/issues/_edit.html.erb | 2 | ||||
-rw-r--r-- | test/functional/issues_controller_test.rb | 62 |
3 files changed, 1 insertions, 71 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 84a5d7b6c..31c427bd6 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -405,14 +405,6 @@ class Issue < ActiveRecord::Base
 'notes',
 :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) }
- safe_attributes 'status_id',
- 'assigned_to_id',
- 'fixed_version_id',
- 'done_ratio',
- 'lock_version',
- 'notes',
- :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
-
 safe_attributes 'notes',
 :if => lambda {|issue, user| user.allowed_to?(:add_issue_notes, issue.project)}
diff --git a/app/views/issues/_edit.html.erb b/app/views/issues/_edit.html.erb
index e09a72695..b16e85f2f 100644
--- a/app/views/issues/_edit.html.erb
+++ b/app/views/issues/_edit.html.erb
@@ -2,7 +2,7 @@
 <%= error_messages_for 'issue', 'time_entry' %>
 <%= render :partial => 'conflict' if @conflict %>
 <div class="box">
- <% if @edit_allowed || !@allowed_statuses.empty? %>
+ <% if @edit_allowed %>
 <fieldset class="tabular"><legend><%= l(:label_change_properties) %></legend>
 <div id="all_attributes">
 <%= render :partial => 'form', :locals => {:f => f} %>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 75368d9f9..25829e733 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
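Review bot: In app/views/issues/_edit.html.erb the new `<% if @edit_allowed %>` guard only hides the properties fieldset; the access decision itself is the `safe_attributes` block dropped from app/models/issue.rb, and nothing on the new side of this commit asserts it. The four `with workflow privilege #update` tests and `test_show_should_display_update_form_with_workflow_permissions` are deleted rather than inverted, so a later change that whitelists `status_id` again for workflow-only roles would still pass the suite. I would keep one negative case: the same `put :update, :id => 1, :issue => {:status_id => 3, :notes => 'just trying'}` under `setup_with_workflow_privilege` (presumably a role without `edit_issues`; that helper is not shown), followed by `assert_equal 1, Issue.find(1).status_id`. Whether `@allowed_statuses` is still needed by this partial cannot be told from here, because the form continues outside the hunk.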
@@ -979,34 +979,6 @@ class IssuesControllerTest < ActionController::TestCase
 end
 end
- def test_show_should_display_update_form_with_workflow_permissions
- Role.find(1).update_attribute :permissions, [:view_issues, :add_issue_notes]
-
- @request.session[:user_id] = 2
- get :show, :id => 1
- assert_response :success
-
- assert_select 'form#issue-form' do
- assert_select 'input[name=?]', 'issue[is_private]', 0
- assert_select 'select[name=?]', 'issue[project_id]', 0
- assert_select 'select[name=?]', 'issue[tracker_id]', 0
- assert_select 'input[name=?]', 'issue[subject]', 0
- assert_select 'textarea[name=?]', 'issue[description]', 0
- assert_select 'select[name=?]', 'issue[status_id]'
- assert_select 'select[name=?]', 'issue[priority_id]', 0
- assert_select 'select[name=?]', 'issue[assigned_to_id]'
- assert_select 'select[name=?]', 'issue[category_id]', 0
- assert_select 'select[name=?]', 'issue[fixed_version_id]'
- assert_select 'input[name=?]', 'issue[parent_issue_id]', 0
- assert_select 'input[name=?]', 'issue[start_date]', 0
- assert_select 'input[name=?]', 'issue[due_date]', 0
- assert_select 'select[name=?]', 'issue[done_ratio]'
- assert_select 'input[name=?]', 'issue[custom_field_values][2]', 0
- assert_select 'input[name=?]', 'issue[watcher_user_ids][]', 0
- assert_select 'textarea[name=?]', 'issue[notes]'
- end
- end
-
 def test_show_should_not_display_update_form_without_permissions
 Role.find(1).update_attribute :permissions, [:view_issues]
@@ -2405,40 +2377,6 @@ class IssuesControllerTest < ActionController::TestCase
 end
 private :setup_with_workflow_privilege
- test "with workflow privilege #update should accept authorized status" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:status_id => 3, :notes => 'just trying'}
- end
- assert_equal 3, Issue.find(1).status_id
- end
-
- test "with workflow privilege #update should ignore unauthorized status" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:status_id => 2, :notes => 'just trying'}
- end
- assert_equal 1, Issue.find(1).status_id
- end
-
- test "with workflow privilege #update should accept authorized attributes changes" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:assigned_to_id => 2, :notes => 'just trying'}
- end
- issue = Issue.find(1)
- assert_equal 2, issue.assigned_to_id
- end
-
- test "with workflow privilege #update should ignore unauthorized attributes changes" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:subject => 'changed', :notes => 'just trying'}
- end
- issue = Issue.find(1)
- assert_equal "Can't print recipes", issue.subject
- end
-
 def setup_with_workflow_privilege_and_edit_issues_permission
 setup_with_workflow_privilege
 Role.anonymous.add_permission! :add_issues, :edit_issues |