author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-06-05 13:45:10 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-06-05 13:45:10 +0000 |
commit | c4fd1750f703a7649f0b3b52b25cf32fa532b5b3 (patch) | |
tree | f94e5de3b00a6eb8c2b6741f847c2bb8d75625f7 /app/controllers | |
parent | a23450fe08f367a1d4a03e937c3f8e90f83383fe (diff) | |
Adds permission to edit and delete issues by role/tracker (#285).
git-svn-id: http://svn.redmine.org/redmine/trunk@15466 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/context_menus_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/issues_controller.rb | 9 |
2 files changed, 11 insertions, 2 deletions
diff --git a/app/controllers/context_menus_controller.rb b/app/controllers/context_menus_controller.rb
index 59ee3a77a..66ec35085 100644
--- a/app/controllers/context_menus_controller.rb
+++ b/app/controllers/context_menus_controller.rb
@@ -29,11 +29,11 @@ class ContextMenusController < ApplicationController
 @allowed_statuses = @issues.map(&:new_statuses_allowed_to).reduce(:&)
- @can = {:edit => User.current.allowed_to?(:edit_issues, @projects),
+ @can = {:edit => @issues.all?(&:attributes_editable?),
 :log_time => (@project && User.current.allowed_to?(:log_time, @project)),
 :copy => User.current.allowed_to?(:copy_issues, @projects) && Issue.allowed_target_projects.any?,
 :add_watchers => User.current.allowed_to?(:add_issue_watchers, @projects),
- :delete => User.current.allowed_to?(:delete_issues, @projects)
+ :delete => @issues.all?(&:deletable?)
 }
 if @project
 if @issue
diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 37825c995..67956667a 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -211,6 +211,10 @@ class IssuesController < ApplicationController
 unless User.current.allowed_to?(:copy_issues, @projects)
 raise ::Unauthorized
 end
+ else
+ unless @issues.all?(&:attributes_editable?)
+ raise ::Unauthorized
+ end
 end
 @allowed_projects = Issue.allowed_target_projects
@@ -263,6 +267,10 @@ class IssuesController < ApplicationController
 unless User.current.allowed_to?(:add_issues, target_projects)
 raise ::Unauthorized
 end
+ else
+ unless @issues.all?(&:attributes_editable?)
+ raise ::Unauthorized
+ end
 end
 unsaved_issues = []
@@ -316,6 +324,7 @@ class IssuesController < ApplicationController
 end
 def destroy
+ raise Unauthorized unless @issues.all?(&:deletable?)
 @hours = TimeEntry.where(:issue_id => @issues.map(&:id)).sum(:hours).to_f
 if @hours > 0
 case params[:todo] |
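Review bot: `@issues.all?(&:attributes_editable?)` and `@issues.all?(&:deletable?)` in the `@can` hash evaluate to true when `@issues` is empty, because `Enumerable#all?` is vacuously true. The same pattern is used in the `else` branches of the hunks at -211 and -263 and in the first line of `destroy` in issues_controller.rb, where it is the server-side gate rather than a menu flag. Presumably a before-filter rejects an empty selection, but that is outside these hunks; if it is not guaranteed, `@issues.any? && @issues.all?(&:deletable?)` would fail closed. The enclosing action starts and ends outside the hunk.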
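Review bot: The added `else` branch in the hunk at -211 spells the per-issue check as a four-line `unless … raise ::Unauthorized … end`, the hunk at -263 repeats it verbatim, and `destroy` at -316 writes the same kind of guard in modifier form with an unqualified `Unauthorized`. Using one form in all three places, e.g. `raise ::Unauthorized unless @issues.all?(&:attributes_editable?)`, keeps the authorization gates easy to audit and avoids the two constant lookups diverging if a nested `Unauthorized` is ever defined. The `if` that this `else` belongs to begins outside the hunk.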
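Review bot: The `attributes_editable?` check in the `else` branch of the hunk at -263 runs on the issues as loaded, before any submitted attributes are applied. If this action can move issues to another tracker or project (its body continues outside the hunk), the role/tracker permission also has to hold for the target, and nothing visible here enforces that; it may be handled by the model's attribute filtering. A comment such as `# Per-issue check on the current tracker; target tracker/project is validated by <where>` would make the division of responsibility explicit.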