diff options
author | Go MAEDA <maeda@farend.jp> | 2023-03-02 04:32:34 +0000 |
---|---|---|
committer | Go MAEDA <maeda@farend.jp> | 2023-03-02 04:32:34 +0000 |
commit | 555acea7804e6a93b133fe7398f490cb083c05b2 (patch) | |
tree | f5a1471e7463a4c77cc99f36656c484e9215a114 /test | |
parent | 4dc56cd943b6cb5cfaae8bd21db2c8ef82e7a50c (diff) | |
download | redmine-555acea7804e6a93b133fe7398f490cb083c05b2.tar.gz redmine-555acea7804e6a93b133fe7398f490cb083c05b2.zip |
Check if the user has the permission to add notes or edit an issue when adding an issue attachments (#38297).
Patch by Holger Just.
git-svn-id: https://svn.redmine.org/redmine/trunk@22122 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r-- | test/integration/issues_test.rb | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/test/integration/issues_test.rb b/test/integration/issues_test.rb index c9f5c3537..fe9cb19d0 100644 --- a/test/integration/issues_test.rb +++ b/test/integration/issues_test.rb @@ -140,6 +140,80 @@ class IssuesTest < Redmine::IntegrationTest assert_equal 0, Issue.find(1).attachments.length end + def test_edit_add_attachment_form + log_user('jsmith', 'jsmith') + role = Role.find(1) + + role.add_permission! :edit_issues + role.remove_permission! :edit_own_issues + role.remove_permission! :add_issue_notes + + get '/issues/1' + assert_response :success + assert_select 'div#new-attachments', 1 + + get '/issues/1/edit' + assert_response :success + assert_select 'div#new-attachments', 1 + + role.remove_permission! :edit_issues + role.add_permission! :edit_own_issues + role.remove_permission! :add_issue_notes + + get '/issues/1' + assert_response :success + assert_select 'div#new-attachments', 1 + + get '/issues/1/edit' + assert_response :success + assert_select 'div#new-attachments', 1 + + role.remove_permission! :edit_issues + role.remove_permission! :edit_own_issues + role.add_permission! :add_issue_notes + + get '/issues/1' + assert_response :success + assert_select 'div#new-attachments', 1 + + get '/issues/1/edit' + assert_response :success + assert_select 'div#new-attachments', 1 + end + + def test_edit_check_permission_for_add_attachment + log_user('jsmith', 'jsmith') + role = Role.find(1) + + role.remove_permission! :edit_issues + role.remove_permission! :edit_own_issues + role.add_permission! :add_issue_notes + + role.permissions_all_trackers = {'view_issues' => '0', 'add_issue_notes' => '0' } + role.permissions_tracker_ids = {'view_issues' => ['1'], 'add_issue_notes' => ['2'] } + role.save! + + assert_no_difference 'Attachment.count' do + put( + '/issues/1', + :params => { + :issue => {:notes => 'Some notes'}, + :attachments => { + '1' => { + 'file' => uploaded_test_file('testfile.txt', 'text/plain'), + 'description' => 'This is an attachment' + } + } + } + ) + end + assert_redirected_to '/issues/1' + + follow_redirect! + assert_response :success + assert_select '.flash', '1 file(s) could not be saved.' + end + def test_next_and_previous_links_should_be_displayed_after_query_grouped_and_sorted_by_version with_settings :default_language => 'en' do get '/projects/ecookbook/issues?set_filter=1&group_by=fixed_version&sort=priority:desc,fixed_version,id' |