diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-06-05 13:45:10 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2016-06-05 13:45:10 +0000 |
| commit | c4fd1750f703a7649f0b3b52b25cf32fa532b5b3 (patch) | |
| tree | f94e5de3b00a6eb8c2b6741f847c2bb8d75625f7 /app/models/issue.rb | |
| parent | a23450fe08f367a1d4a03e937c3f8e90f83383fe (diff) | |
| download | redmine-c4fd1750f703a7649f0b3b52b25cf32fa532b5b3.tar.gz redmine-c4fd1750f703a7649f0b3b52b25cf32fa532b5b3.zip | |
Adds permission to edit and delete issues by role/tracker (#285).
git-svn-id: http://svn.redmine.org/redmine/trunk@15466 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/models/issue.rb')
| -rw-r--r-- | app/models/issue.rb | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/app/models/issue.rb b/app/models/issue.rb index 91ea73a6f..28a7f9fe6 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -172,14 +172,24 @@ class Issue < ActiveRecord::Base end end - # Returns true if user or current user is allowed to edit or add a note to the issue + # Returns true if user or current user is allowed to edit or add notes to the issue def editable?(user=User.current) - attributes_editable?(user) || user.allowed_to?(:add_issue_notes, project) + attributes_editable?(user) || notes_addable?(user) end # Returns true if user or current user is allowed to edit the issue def attributes_editable?(user=User.current) - user.allowed_to?(:edit_issues, project) + user_tracker_permission?(user, :edit_issues) + end + + # Returns true if user or current user is allowed to add notes to the issue + def notes_addable?(user=User.current) + user_tracker_permission?(user, :add_issue_notes) + end + + # Returns true if user or current user is allowed to delete the issue + def deletable?(user=User.current) + user_tracker_permission?(user, :delete_issues) end def initialize(attributes=nil, *args) @@ -429,10 +439,10 @@ class Issue < ActiveRecord::Base 'custom_fields', 'lock_version', 'notes', - :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) } + :if => lambda {|issue, user| issue.new_record? || issue.attributes_editable?(user) } safe_attributes 'notes', - :if => lambda {|issue, user| user.allowed_to?(:add_issue_notes, issue.project)} + :if => lambda {|issue, user| issue.notes_addable?(user)} safe_attributes 'private_notes', :if => lambda {|issue, user| !issue.new_record? && user.allowed_to?(:set_notes_private, issue.project)} @@ -447,7 +457,7 @@ class Issue < ActiveRecord::Base } safe_attributes 'parent_issue_id', - :if => lambda {|issue, user| (issue.new_record? || user.allowed_to?(:edit_issues, issue.project)) && + :if => lambda {|issue, user| (issue.new_record? || issue.attributes_editable?(user)) && user.allowed_to?(:manage_subtasks, issue.project)} def safe_attribute_names(user=nil) @@ -1406,6 +1416,11 @@ class Issue < ActiveRecord::Base private + def user_tracker_permission?(user, permission) + roles = user.roles_for_project(project).select {|r| r.has_permission?(permission)} + roles.any? {|r| r.permissions_all_trackers?(permission) || r.permissions_tracker_ids?(permission, tracker_id)} + end + def after_project_change # Update project_id on related time entries TimeEntry.where({:issue_id => id}).update_all(["project_id = ?", project_id]) |