summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorJean-Philippe Lang <jp_lang@yahoo.fr>2015-05-09 10:10:28 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2015-05-09 10:10:28 +0000
commit27bcd879f31450bf32397864b4d36d2bacc8ee6d (patch)
tree93844a55d839bb8b7496ac8804c8cf6d4d74765d /test
parent6b11840b4268769e003b0255f52eb03657d5ad38 (diff)
downloadredmine-27bcd879f31450bf32397864b4d36d2bacc8ee6d.tar.gz
redmine-27bcd879f31450bf32397864b4d36d2bacc8ee6d.zip
Can't bulk edit own time entries with "Edit own time entries" (#18580).
git-svn-id: http://svn.redmine.org/redmine/trunk@14242 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/functional/context_menus_controller_test.rb12
-rw-r--r--test/functional/timelog_controller_test.rb29
2 files changed, 41 insertions, 0 deletions
diff --git a/test/functional/context_menus_controller_test.rb b/test/functional/context_menus_controller_test.rb
index 0ecbf63da..2b5bd7414 100644
--- a/test/functional/context_menus_controller_test.rb
+++ b/test/functional/context_menus_controller_test.rb
@@ -276,6 +276,18 @@ class ContextMenusControllerTest < ActionController::TestCase
end
end
+ def test_time_entries_context_menu_with_edit_own_time_entries_permission
+ @request.session[:user_id] = 2
+ Role.find_by_name('Manager').remove_permission! :edit_time_entries
+ Role.find_by_name('Manager').add_permission! :edit_own_time_entries
+ ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
+
+ get :time_entries, :ids => ids
+ assert_response :success
+ assert_template 'context_menus/time_entries'
+ assert_select 'a:not(.disabled)', :text => 'Edit'
+ end
+
def test_time_entries_context_menu_without_edit_permission
@request.session[:user_id] = 2
Role.find_by_name('Manager').remove_permission! :edit_time_entries
diff --git a/test/functional/timelog_controller_test.rb b/test/functional/timelog_controller_test.rb
index 38ffcfa2b..1d925f6bf 100644
--- a/test/functional/timelog_controller_test.rb
+++ b/test/functional/timelog_controller_test.rb
@@ -425,6 +425,16 @@ class TimelogControllerTest < ActionController::TestCase
assert_template 'bulk_edit'
end
+ def test_bulk_edit_with_edit_own_time_entries_permission
+ @request.session[:user_id] = 2
+ Role.find_by_name('Manager').remove_permission! :edit_time_entries
+ Role.find_by_name('Manager').add_permission! :edit_own_time_entries
+ ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
+
+ get :bulk_edit, :ids => ids
+ assert_response :success
+ end
+
def test_bulk_update
@request.session[:user_id] = 2
# update time entry activity
@@ -466,6 +476,25 @@ class TimelogControllerTest < ActionController::TestCase
assert_response 403
end
+ def test_bulk_update_with_edit_own_time_entries_permission
+ @request.session[:user_id] = 2
+ Role.find_by_name('Manager').remove_permission! :edit_time_entries
+ Role.find_by_name('Manager').add_permission! :edit_own_time_entries
+ ids = (0..1).map {TimeEntry.generate!(:user => User.find(2)).id}
+
+ post :bulk_update, :ids => ids, :time_entry => { :activity_id => 9 }
+ assert_response 302
+ end
+
+ def test_bulk_update_with_edit_own_time_entries_permissions_should_be_denied_for_time_entries_of_other_user
+ @request.session[:user_id] = 2
+ Role.find_by_name('Manager').remove_permission! :edit_time_entries
+ Role.find_by_name('Manager').add_permission! :edit_own_time_entries
+
+ post :bulk_update, :ids => [1, 2], :time_entry => { :activity_id => 9 }
+ assert_response 403
+ end
+
def test_bulk_update_custom_field
@request.session[:user_id] = 2
post :bulk_update, :ids => [1, 2], :time_entry => { :custom_field_values => {'10' => '0'} }