Mail handler bypasses add_issue_notes permission (#35045).

Patch by Marius BALTEANU. git-svn-id: http://svn.redmine.org/redmine/trunk@20970 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Go MAEDA <maeda@farend.jp> 2021-04-25 13:02:13 +0000
committer: Go MAEDA <maeda@farend.jp> 2021-04-25 13:02:13 +0000
commit: cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0 (patch)
tree: a3bbb2251b7306db5d3de9c770293ef17d89201f /test/unit/mail_handler_test.rb
parent: d67ed93f39d692e8806f079a78dcc13eaf4d705e (diff)
download: redmine-cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0.tar.gz
redmine-cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/test/unit/mail_handler_test.rb b/test/unit/mail_handler_test.rb
index 836df11d6..3fd3ce072 100644
--- a/test/unit/mail_handler_test.rb
+++ b/test/unit/mail_handler_test.rb
@@ -1051,9 +1051,11 @@ class MailHandlerTest < ActiveSupport::TestCase
     end
   end
 
-  def test_reply_to_a_issue_without_permission
+  def test_reply_to_an_issue_without_permission
     set_tmp_attachments_directory
-    Role.all.each {|r| r.remove_permission! :add_issue_notes, :edit_issues}
+    # "add_issue_notes" permission is explicit required to allow users to add notes
+    # "edit_issue" permission no longer includes the "add_issue_notes" permission
+    Role.all.each {|r| r.remove_permission! :add_issue_notes}
     assert_no_difference 'Issue.count' do
       assert_no_difference 'Journal.count' do
         assert_not submit_email('ticket_reply_with_status.eml')
author	Go MAEDA <maeda@farend.jp>	2021-04-25 13:02:13 +0000
committer	Go MAEDA <maeda@farend.jp>	2021-04-25 13:02:13 +0000
commit	cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0 (patch)
tree	a3bbb2251b7306db5d3de9c770293ef17d89201f /test/unit/mail_handler_test.rb
parent	d67ed93f39d692e8806f079a78dcc13eaf4d705e (diff)
download	redmine-cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0.tar.gz redmine-cbd5f2ce8c2cc28a29c34c6aeea92e4f851e48f0.zip