diff options
-rw-r--r-- | app/controllers/news_controller.rb | 10 | ||||
-rw-r--r-- | app/views/news/_form.html.erb | 7 | ||||
-rw-r--r-- | app/views/news/index.html.erb | 8 | ||||
-rw-r--r-- | app/views/news/new.html.erb | 2 | ||||
-rw-r--r-- | config/routes.rb | 2 | ||||
-rw-r--r-- | test/functional/news_controller_test.rb | 49 | ||||
-rw-r--r-- | test/integration/routing/news_test.rb | 2 |
7 files changed, 69 insertions, 11 deletions
diff --git a/app/controllers/news_controller.rb b/app/controllers/news_controller.rb index fa6a62244..7f752fbc2 100644 --- a/app/controllers/news_controller.rb +++ b/app/controllers/news_controller.rb @@ -22,9 +22,9 @@ class NewsController < ApplicationController model_object News before_action :find_model_object, :except => [:new, :create, :index] before_action :find_project_from_association, :except => [:new, :create, :index] - before_action :find_project_by_project_id, :only => [:new, :create] - before_action :authorize, :except => [:index] - before_action :find_optional_project, :only => :index + before_action :find_project_by_project_id, :only => :create + before_action :authorize, :except => [:index, :new] + before_action :find_optional_project, :only => [:index, :new] accept_rss_auth :index accept_api_auth :index, :show, :create, :update, :destroy @@ -72,6 +72,8 @@ class NewsController < ApplicationController end def new + raise ::Unauthorized unless User.current.allowed_to?(:manage_news, @project, :global => true) + @news = News.new(:project => @project, :author => User.current) end @@ -84,7 +86,7 @@ class NewsController < ApplicationController format.html do render_attachment_warning_if_needed(@news) flash[:notice] = l(:notice_successful_create) - redirect_to project_news_index_path(@project) + redirect_to params[:cross_project] ? news_index_path : project_news_index_path(@project) end format.api {render_api_ok} end diff --git a/app/views/news/_form.html.erb b/app/views/news/_form.html.erb index a441b671d..8ce430732 100644 --- a/app/views/news/_form.html.erb +++ b/app/views/news/_form.html.erb @@ -1,6 +1,13 @@ <%= error_messages_for @news %> <div class="box tabular"> +<% if @project.nil? %> + <p> + <label><%= l(:field_project) %> <span class="required">*</span></label> + <%= select_tag :project_id, options_for_select(project_tree_options_for_select(Project.allowed_to(:manage_news).to_a), Project.allowed_to(:manage_news).first), {:required => true} %> + <%= hidden_field_tag :cross_project, 1, id: nil %> + </p> +<% end %> <p><%= f.text_field :title, :required => true, :size => 60 %></p> <p><%= f.text_area :summary, :cols => 60, :rows => 2 %></p> <p><%= f.text_area :description, :required => true, :cols => 60, :rows => 15, :class => 'wiki-edit', diff --git a/app/views/news/index.html.erb b/app/views/news/index.html.erb index 073099f56..3a8f1ccb2 100644 --- a/app/views/news/index.html.erb +++ b/app/views/news/index.html.erb @@ -1,19 +1,19 @@ <div class="contextual"> <%= link_to(l(:label_news_new), - new_project_news_path(@project), + (@project ? project_news_index_path(@project) : news_index_path), :class => 'icon icon-add', - :onclick => 'showAndScrollTo("add-news", "news_title"); return false;') if @project && User.current.allowed_to?(:manage_news, @project) %> + :onclick => 'showAndScrollTo("add-news", "news_title"); return false;') if (@project.nil? || (@project && User.current.allowed_to?(:manage_news, @project))) %> <%= watcher_link(@project.enabled_module('news'), User.current) if @project && User.current.logged? %> </div> <div id="add-news" style="display:none;"> <h2><%=l(:label_news_new)%></h2> -<%= labelled_form_for @news, :url => project_news_index_path(@project), +<%= labelled_form_for @news, :url => (@project ? project_news_index_path(@project) : news_index_path), :html => { :id => 'news-form', :multipart => true } do |f| %> <%= render :partial => 'news/form', :locals => { :f => f } %> <%= submit_tag l(:button_create) %> <%= link_to l(:button_cancel), "#", :onclick => '$("#add-news").hide()' %> -<% end if @project %> +<% end %> </div> <h2><%=l(:label_news_plural)%></h2> diff --git a/app/views/news/new.html.erb b/app/views/news/new.html.erb index cf57140b8..6ac32008d 100644 --- a/app/views/news/new.html.erb +++ b/app/views/news/new.html.erb @@ -1,6 +1,6 @@ <h2><%=l(:label_news_new)%></h2> -<%= labelled_form_for @news, :url => project_news_index_path(@project), +<%= labelled_form_for @news, :url => (@project ? project_news_index_path(@project) : news_index_path), :html => { :id => 'news-form', :multipart => true } do |f| %> <%= render :partial => 'news/form', :locals => { :f => f } %> <%= submit_tag l(:button_create) %> diff --git a/config/routes.rb b/config/routes.rb index 40c1d5f50..93ca77b5c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -229,7 +229,7 @@ Rails.application.routes.draw do resources :queries, :except => [:show] get '/queries/filter', :to => 'queries#filter', :as => 'queries_filter' - resources :news, :only => [:index, :show, :edit, :update, :destroy] + resources :news, :only => [:index, :show, :edit, :update, :destroy, :create, :new] match '/news/:id/comments', :to => 'comments#create', :via => :post match '/news/:id/comments/:comment_id', :to => 'comments#destroy', :via => :delete diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb index 76517e1a1..c6545fa15 100644 --- a/test/functional/news_controller_test.rb +++ b/test/functional/news_controller_test.rb @@ -87,13 +87,32 @@ class NewsControllerTest < Redmine::ControllerTest assert_response 404 end - def test_get_new + def test_get_new_with_project_id @request.session[:user_id] = 2 get(:new, :params => {:project_id => 1}) assert_response :success + assert_select 'select[name=project_id]', false assert_select 'input[name=?]', 'news[title]' end + def test_get_new_without_project_id + @request.session[:user_id] = 2 + get(:new) + assert_response :success + assert_select 'select[name=project_id]' + assert_select 'input[name=?]', 'news[title]' + end + + def test_get_new_if_user_does_not_have_permission + @request.session[:user_id] = 2 + User.find(2).roles.each{|u| u.remove_permission! :manage_news } + + get(:new) + assert_response :forbidden + assert_select 'select[name=project_id]', false + assert_select 'input[name=?]', 'news[title]', count: 0 + end + def test_post_create ActionMailer::Base.deliveries.clear @request.session[:user_id] = 2 @@ -121,6 +140,34 @@ class NewsControllerTest < Redmine::ControllerTest assert_equal 2, ActionMailer::Base.deliveries.size end + def test_post_create_with_cross_project_param + ActionMailer::Base.deliveries.clear + @request.session[:user_id] = 2 + + with_settings :notified_events => %w(news_added) do + post( + :create, + :params => { + :project_id => 1, + :cross_project => '1', + :news => { + :title => 'NewsControllerTest', + :description => 'This is the description', + :summary => '' + } + } + ) + end + assert_redirected_to '/news' + + news = News.find_by(title: 'NewsControllerTest') + assert_not_nil news + assert_equal 'This is the description', news.description + assert_equal User.find(2), news.author + assert_equal Project.find(1), news.project + assert_equal 2, ActionMailer::Base.deliveries.size + end + def test_post_create_with_attachment set_tmp_attachments_directory ActionMailer::Base.deliveries.clear diff --git a/test/integration/routing/news_test.rb b/test/integration/routing/news_test.rb index 8e62da774..7863fad5f 100644 --- a/test/integration/routing/news_test.rb +++ b/test/integration/routing/news_test.rb @@ -29,6 +29,8 @@ class RoutingNewsTest < Redmine::RoutingTest def test_news should_route 'GET /news' => 'news#index' + should_route 'GET /news/new' => 'news#new' + should_route 'POST /news' => 'news#create' should_route 'GET /news.atom' => 'news#index', :format => 'atom' should_route 'GET /news/2' => 'news#show', :id => '2' should_route 'GET /news/2/edit' => 'news#edit', :id => '2' |