author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2009-12-24 16:18:15 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2009-12-24 16:18:15 +0000 |
commit | 62c83bdd2e1b06fcd873ba6d638c0bf59e390958 (patch) | |
tree | cfff2b493b317d0b870ce1499725e008f1b85ff1 /app/controllers | |
parent | 24fde6f1096074cc596a3fbab0165f682a554e82 (diff) | |
Adds a 'Add subprojects' permission.
* 'Add project' permission will let user create a root project
* 'Add subprojects' permission will let project members create subprojects
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3238 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects_controller.rb | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 386807f55..722893798 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -73,7 +73,7 @@ class ProjectsController < ApplicationController
 @project.enabled_module_names = Setting.default_projects_modules
 else
 @project.enabled_module_names = params[:enabled_modules]
- if @project.save
+ if validate_parent_id && @project.save
 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
 # Add current user as a project member if he is not admin
 unless User.current.admin?
@@ -104,7 +104,7 @@ class ProjectsController < ApplicationController
 else
 @project = Project.new(params[:project])
 @project.enabled_module_names = params[:enabled_modules]
- if @project.copy(@source_project, :only => params[:only])
+ if validate_parent_id && @project.copy(@source_project, :only => params[:only])
 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
 flash[:notice] = l(:notice_successful_create)
 redirect_to :controller => 'admin', :action => 'projects'
@@ -156,7 +156,7 @@ class ProjectsController < ApplicationController
 def edit
 if request.post?
 @project.attributes = params[:project]
- if @project.save
+ if validate_parent_id && @project.save
 @project.set_allowed_parent!(params[:project]['parent_id']) if params[:project].has_key?('parent_id')
 flash[:notice] = l(:notice_successful_update)
 redirect_to :action => 'settings', :id => @project
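Review bot: With `validate_parent_id && @project.save`, a rejected parent short-circuits the save, so the model validations never run and the re-rendered form reports only the parent_id error; the same applies to the guards added at -104 (`@project.copy`) and -156 (`edit`). The permission check also lives only at these three call sites, so any other code path that saves a project with a parent_id taken from params would not be covered by it. Until the check moves into the model, a short comment at each site such as `# parent_id is authorised here, not by Project validations` would keep that dependency visible. The enclosing actions start and end outside these hunks.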
@@ -395,4 +395,19 @@ private
 @selected_tracker_ids = (default_trackers || selectable_trackers).collect {|t| t.id.to_s }
 end
 end
+
+ # Validates parent_id param according to user's permissions
+ # TODO: move it to Project model in a validation that depends on User.current
+ def validate_parent_id
+ return true if User.current.admin?
+ parent_id = params[:project] && params[:project][:parent_id]
+ if parent_id || @project.new_record?
+ parent = parent_id.blank? ? nil : Project.find_by_id(parent_id.to_i)
+ unless @project.allowed_parents.include?(parent)
+ @project.errors.add :parent_id, :invalid
+ return false
+ end
+ end
+ true
+ end
 end |
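Review bot: In validate_parent_id, `Project.find_by_id(parent_id.to_i)` returns nil for an id that does not resolve, so a non-blank but unknown or non-numeric parent_id is checked as if no parent had been requested. `allowed_parents` is defined outside this diff; if it contains nil for users who may create root projects, such a request would pass the check even though it named a parent. Rejecting that case explicitly keeps the two apart: after the lookup, test `if !parent_id.blank? && parent.nil?`, add the `:invalid` error and `return false`. `to_i` also accepts a numeric prefix followed by other characters (for example '12abc' becomes 12), which deserves a one-line comment if that leniency is intended.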