summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--app/controllers/news_controller.rb10
-rw-r--r--app/views/news/_form.html.erb7
-rw-r--r--app/views/news/index.html.erb8
-rw-r--r--app/views/news/new.html.erb2
-rw-r--r--config/routes.rb2
-rw-r--r--test/functional/news_controller_test.rb49
-rw-r--r--test/integration/routing/news_test.rb2
7 files changed, 69 insertions, 11 deletions
diff --git a/app/controllers/news_controller.rb b/app/controllers/news_controller.rb
index fa6a62244..7f752fbc2 100644
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -22,9 +22,9 @@ class NewsController < ApplicationController
model_object News
before_action :find_model_object, :except => [:new, :create, :index]
before_action :find_project_from_association, :except => [:new, :create, :index]
- before_action :find_project_by_project_id, :only => [:new, :create]
- before_action :authorize, :except => [:index]
- before_action :find_optional_project, :only => :index
+ before_action :find_project_by_project_id, :only => :create
+ before_action :authorize, :except => [:index, :new]
+ before_action :find_optional_project, :only => [:index, :new]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
@@ -72,6 +72,8 @@ class NewsController < ApplicationController
end
def new
+ raise ::Unauthorized unless User.current.allowed_to?(:manage_news, @project, :global => true)
+
@news = News.new(:project => @project, :author => User.current)
end
@@ -84,7 +86,7 @@ class NewsController < ApplicationController
format.html do
render_attachment_warning_if_needed(@news)
flash[:notice] = l(:notice_successful_create)
- redirect_to project_news_index_path(@project)
+ redirect_to params[:cross_project] ? news_index_path : project_news_index_path(@project)
end
format.api {render_api_ok}
end
diff --git a/app/views/news/_form.html.erb b/app/views/news/_form.html.erb
index a441b671d..8ce430732 100644
--- a/app/views/news/_form.html.erb
+++ b/app/views/news/_form.html.erb
@@ -1,6 +1,13 @@
<%= error_messages_for @news %>
<div class="box tabular">
+<% if @project.nil? %>
+ <p>
+ <label><%= l(:field_project) %> <span class="required">*</span></label>
+ <%= select_tag :project_id, options_for_select(project_tree_options_for_select(Project.allowed_to(:manage_news).to_a), Project.allowed_to(:manage_news).first), {:required => true} %>
+ <%= hidden_field_tag :cross_project, 1, id: nil %>
+ </p>
+<% end %>
<p><%= f.text_field :title, :required => true, :size => 60 %></p>
<p><%= f.text_area :summary, :cols => 60, :rows => 2 %></p>
<p><%= f.text_area :description, :required => true, :cols => 60, :rows => 15, :class => 'wiki-edit',
diff --git a/app/views/news/index.html.erb b/app/views/news/index.html.erb
index 073099f56..3a8f1ccb2 100644
--- a/app/views/news/index.html.erb
+++ b/app/views/news/index.html.erb
@@ -1,19 +1,19 @@
<div class="contextual">
<%= link_to(l(:label_news_new),
- new_project_news_path(@project),
+ (@project ? project_news_index_path(@project) : news_index_path),
:class => 'icon icon-add',
- :onclick => 'showAndScrollTo("add-news", "news_title"); return false;') if @project && User.current.allowed_to?(:manage_news, @project) %>
+ :onclick => 'showAndScrollTo("add-news", "news_title"); return false;') if (@project.nil? || (@project && User.current.allowed_to?(:manage_news, @project))) %>
<%= watcher_link(@project.enabled_module('news'), User.current) if @project && User.current.logged? %>
</div>
<div id="add-news" style="display:none;">
<h2><%=l(:label_news_new)%></h2>
-<%= labelled_form_for @news, :url => project_news_index_path(@project),
+<%= labelled_form_for @news, :url => (@project ? project_news_index_path(@project) : news_index_path),
:html => { :id => 'news-form', :multipart => true } do |f| %>
<%= render :partial => 'news/form', :locals => { :f => f } %>
<%= submit_tag l(:button_create) %>
<%= link_to l(:button_cancel), "#", :onclick => '$("#add-news").hide()' %>
-<% end if @project %>
+<% end %>
</div>
<h2><%=l(:label_news_plural)%></h2>
diff --git a/app/views/news/new.html.erb b/app/views/news/new.html.erb
index cf57140b8..6ac32008d 100644
--- a/app/views/news/new.html.erb
+++ b/app/views/news/new.html.erb
@@ -1,6 +1,6 @@
<h2><%=l(:label_news_new)%></h2>
-<%= labelled_form_for @news, :url => project_news_index_path(@project),
+<%= labelled_form_for @news, :url => (@project ? project_news_index_path(@project) : news_index_path),
:html => { :id => 'news-form', :multipart => true } do |f| %>
<%= render :partial => 'news/form', :locals => { :f => f } %>
<%= submit_tag l(:button_create) %>
diff --git a/config/routes.rb b/config/routes.rb
index 40c1d5f50..93ca77b5c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -229,7 +229,7 @@ Rails.application.routes.draw do
resources :queries, :except => [:show]
get '/queries/filter', :to => 'queries#filter', :as => 'queries_filter'
- resources :news, :only => [:index, :show, :edit, :update, :destroy]
+ resources :news, :only => [:index, :show, :edit, :update, :destroy, :create, :new]
match '/news/:id/comments', :to => 'comments#create', :via => :post
match '/news/:id/comments/:comment_id', :to => 'comments#destroy', :via => :delete
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb
index 76517e1a1..c6545fa15 100644
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -87,13 +87,32 @@ class NewsControllerTest < Redmine::ControllerTest
assert_response 404
end
- def test_get_new
+ def test_get_new_with_project_id
@request.session[:user_id] = 2
get(:new, :params => {:project_id => 1})
assert_response :success
+ assert_select 'select[name=project_id]', false
assert_select 'input[name=?]', 'news[title]'
end
+ def test_get_new_without_project_id
+ @request.session[:user_id] = 2
+ get(:new)
+ assert_response :success
+ assert_select 'select[name=project_id]'
+ assert_select 'input[name=?]', 'news[title]'
+ end
+
+ def test_get_new_if_user_does_not_have_permission
+ @request.session[:user_id] = 2
+ User.find(2).roles.each{|u| u.remove_permission! :manage_news }
+
+ get(:new)
+ assert_response :forbidden
+ assert_select 'select[name=project_id]', false
+ assert_select 'input[name=?]', 'news[title]', count: 0
+ end
+
def test_post_create
ActionMailer::Base.deliveries.clear
@request.session[:user_id] = 2
@@ -121,6 +140,34 @@ class NewsControllerTest < Redmine::ControllerTest
assert_equal 2, ActionMailer::Base.deliveries.size
end
+ def test_post_create_with_cross_project_param
+ ActionMailer::Base.deliveries.clear
+ @request.session[:user_id] = 2
+
+ with_settings :notified_events => %w(news_added) do
+ post(
+ :create,
+ :params => {
+ :project_id => 1,
+ :cross_project => '1',
+ :news => {
+ :title => 'NewsControllerTest',
+ :description => 'This is the description',
+ :summary => ''
+ }
+ }
+ )
+ end
+ assert_redirected_to '/news'
+
+ news = News.find_by(title: 'NewsControllerTest')
+ assert_not_nil news
+ assert_equal 'This is the description', news.description
+ assert_equal User.find(2), news.author
+ assert_equal Project.find(1), news.project
+ assert_equal 2, ActionMailer::Base.deliveries.size
+ end
+
def test_post_create_with_attachment
set_tmp_attachments_directory
ActionMailer::Base.deliveries.clear
diff --git a/test/integration/routing/news_test.rb b/test/integration/routing/news_test.rb
index 8e62da774..7863fad5f 100644
--- a/test/integration/routing/news_test.rb
+++ b/test/integration/routing/news_test.rb
@@ -29,6 +29,8 @@ class RoutingNewsTest < Redmine::RoutingTest
def test_news
should_route 'GET /news' => 'news#index'
+ should_route 'GET /news/new' => 'news#new'
+ should_route 'POST /news' => 'news#create'
should_route 'GET /news.atom' => 'news#index', :format => 'atom'
should_route 'GET /news/2' => 'news#show', :id => '2'
should_route 'GET /news/2/edit' => 'news#edit', :id => '2'