42 files changed, 106 insertions, 30 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 9123cfc07..fcf83c92a 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -114,10 +114,15 @@ class ApplicationController < ActionController::Base
 end
 # Authorize the user for the requested action
- def authorize(ctrl = params[:controller], action = params[:action])
- allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project)
+ def authorize(ctrl = params[:controller], action = params[:action], global = false)
+ allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project, :global => global)
 allowed ? true : deny_access
 end
+
+ # Authorize the user for the requested action outside a project
+ def authorize_global(ctrl = params[:controller], action = params[:action], global = true)
+ authorize(ctrl, action, global)
+ end
 # make sure that the user is a member of the project (or admin) if project is private
 # used as a before_filter for actions that do not require any particular permission on the project
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 0dcc874c6..5f508cb5f 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -26,7 +26,8 @@ class ProjectsController < ApplicationController
 before_filter :find_project, :except => [ :index, :list, :add, :copy, :activity ]
 before_filter :find_optional_project, :only => :activity
 before_filter :authorize, :except => [ :index, :list, :add, :copy, :archive, :unarchive, :destroy, :activity ]
- before_filter :require_admin, :only => [ :add, :copy, :archive, :unarchive, :destroy ]
+ before_filter :authorize_global, :only => :add
+ before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
 accept_key_auth :activity
 after_filter :only => [:add, :edit, :archive, :unarchive, :destroy] do |controller|
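Review bot: `authorize_global` in app/controllers/application.rb takes a third `global = true` parameter, so a caller can write `authorize_global(ctrl, action, false)` and silently get a project-scoped check from a method whose name promises the opposite. Dropping that parameter and calling `authorize(ctrl, action, true)` keeps the two entry points unambiguous. `authorize` also still forwards `@project` when `global` is true; the `User#allowed_to?` hunk in this commit handles `:global` in an `elsif`, so presumably a non-nil `@project` would take precedence over the flag, which deserves a comment on `authorize` such as `# global is only honoured for actions that load no @project`.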
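Review bot: `before_filter :authorize_global, :only => :add` in ProjectsController makes project creation depend on the global branch of `User#allowed_to?`, and nothing beside the filter says how wide that check is. Per the user.rb hunk in this commit, that branch accepts the permission from any role in any of the user's memberships, or from the non-member role, so granting `:add_project` to a role used in a single project lets its holders create projects instance-wide. A comment on the filter such as `# global check: any membership role with :add_project suffices` would make that scope visible to whoever edits roles later. The filter list starts before this hunk.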
@@ -75,9 +76,14 @@ class ProjectsController < ApplicationController
 @project.enabled_module_names = params[:enabled_modules]
 if @project.save
 @project.set_parent!(params[:project]['parent_id']) if User.current.admin? && params[:project].has_key?('parent_id')
+ # Add current user as a project member if he is not admin
+ unless User.current.admin?
+ m = Member.new(:user => User.current, :roles => Role.builtin(false).find(:all, :order => 'position', :limit => 1))
+ @project.members << m
+ end
 flash[:notice] = l(:notice_successful_create)
- redirect_to :controller => 'admin', :action => 'projects'
- end
+ redirect_to :controller => 'projects', :action => 'settings', :id => @project
+ end
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 7bcf999f2..0caaf34f6 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -277,6 +277,9 @@ class User < ActiveRecord::Base
 roles.detect {|role| (project.is_public? || role.member?) && role.allowed_to?(action)}
 elsif options[:global]
+ # Admin users are always authorized
+ return true if admin?
+
 # authorize if user has at least one role that has this permission
 roles = memberships.collect {|m| m.roles}.flatten.uniq
 roles.detect {|r| r.allowed_to?(action)} || (self.logged? ? Role.non_member.allowed_to?(action) : Role.anonymous.allowed_to?(action))
diff --git a/app/views/projects/index.rhtml b/app/views/projects/index.rhtml
index 047d11ff5..3b2435799 100644
--- a/app/views/projects/index.rhtml
+++ b/app/views/projects/index.rhtml
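Review bot: In the second ProjectsController hunk (the `add` action), the creator's role is chosen implicitly as the first non-builtin role by `position` (`Role.builtin(false).find(:all, :order => 'position', :limit => 1)`), so the privileges a self-service creator receives depend on how an administrator happens to have ordered the roles. An explicit, configurable "role given to project creators" would make that grant reviewable instead of incidental. The result of `@project.members << m` is also ignored: if no non-builtin role exists or the member fails validation, the project is already saved with no members and the non-admin creator is redirected to a settings page they may not be able to open. Checking that result, or wrapping the project save and the membership in one transaction, would avoid leaving an ownerless project behind. The body of `add` starts before this hunk.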
@@ -1,5 +1,5 @@
 <div class="contextual">
- <%= link_to(l(:label_project_new), {:controller => 'projects', :action => 'add'}, :class => 'icon icon-add') + ' |' if User.current.admin? %>
+ <%= link_to(l(:label_project_new), {:controller => 'projects', :action => 'add'}, :class => 'icon icon-add') + ' |' if User.current.allowed_to?(:add_project, nil, :global => true) %>
 <%= link_to l(:label_issue_view_all), { :controller => 'issues' } %> |
 <%= link_to l(:label_overall_activity), { :controller => 'projects', :action => 'activity' }%>
 </div>
diff --git a/config/locales/bg.yml b/config/locales/bg.yml
index 36923c83c..4a18f4939 100644
--- a/config/locales/bg.yml
+++ b/config/locales/bg.yml
@@ -796,3 +796,4 @@ bg:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/bs.yml b/config/locales/bs.yml
index 59b252143..841a56759 100644
--- a/config/locales/bs.yml
+++ b/config/locales/bs.yml
@@ -829,3 +829,4 @@ bs:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
label_wiki_content_updated: Wiki page updated
mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/ca.yml b/config/locales/ca.yml
index 20113f971..a209a1e5a 100644
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
@@ -799,3 +799,4 @@ ca:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/cs.yml b/config/locales/cs.yml
index a8040ca1e..cae51f951 100644
--- a/config/locales/cs.yml
+++ b/config/locales/cs.yml
@@ -802,3 +802,4 @@ cs:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/da.yml b/config/locales/da.yml
index 6ce2fecb4..f388fc8c5 100644
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@@ -829,3 +829,4 @@ da:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 26855bfdb..a6f56a2af 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -828,3 +828,4 @@ de:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 3cfcbc66e..9cfc0b1dd 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -292,6 +292,7 @@ en:
 setting_openid: Allow OpenID login and registration
 setting_password_min_length: Minimum password length
+ permission_add_project: Create project
 permission_edit_project: Edit project
 permission_select_project_modules: Select project modules
 permission_manage_members: Manage members
diff --git a/config/locales/es.yml b/config/locales/es.yml
index ff61e7d9e..8cc72b34b 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -849,3 +849,4 @@ es:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/fi.yml b/config/locales/fi.yml
index a1cf5cbe7..1f2f86c89 100644
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
@@ -839,3 +839,4 @@ fi:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index bbe18dca6..ce9c2f776 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -324,6 +324,7 @@ fr:
 setting_openid: "Autoriser l'authentification et l'enregistrement OpenID"
 setting_password_min_length: Longueur minimum des mots de passe
+ permission_add_project: Créer un projet
 permission_edit_project: Modifier le projet
 permission_select_project_modules: Choisir les modules
 permission_manage_members: Gérer les members
diff --git a/config/locales/gl.yml b/config/locales/gl.yml
index 167310e42..0f619adb6 100644
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
@@ -828,3 +828,4 @@ gl:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/he.yml b/config/locales/he.yml
index a720e4c26..d3b9bf0ec 100644
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
@@ -811,3 +811,4 @@ he:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/hu.yml b/config/locales/hu.yml
index 2e0b80439..7b00becdd 100644
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
@@ -834,3 +834,4 @@
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/it.yml b/config/locales/it.yml
index 935c38149..721d72c47 100644
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -814,3 +814,4 @@ it:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index a9024f2ed..b00e9f2f7 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -827,3 +827,4 @@ ja:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/ko.yml b/config/locales/ko.yml
index 221c524be..b8cffa400 100644
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -858,3 +858,4 @@ ko:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/lt.yml b/config/locales/lt.yml
index 7ba666e15..3b2776d1b 100644
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
@@ -839,3 +839,4 @@ lt:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/nl.yml b/config/locales/nl.yml
index 00229a81a..071c1306a 100644
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
@@ -784,3 +784,4 @@ nl:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/no.yml b/config/locales/no.yml
index ed9309eb1..a481d4912 100644
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
@@ -801,3 +801,4 @@
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/pl.yml b/config/locales/pl.yml
index 1a20ffa49..d252ec0ae 100644
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
@@ -832,3 +832,4 @@ pl:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
index 6592f6cec..7f4343a25 100644
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
@@ -834,3 +834,4 @@ pt-BR:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/pt.yml b/config/locales/pt.yml
index ffc2795d2..ea40131c3 100644
--- a/config/locales/pt.yml
+++ b/config/locales/pt.yml
@@ -820,3 +820,4 @@ pt:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/ro.yml b/config/locales/ro.yml
index 7e5f098fd..7d61ffb10 100644
--- a/config/locales/ro.yml
+++ b/config/locales/ro.yml
@@ -799,3 +799,4 @@ ro:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/ru.yml b/config/locales/ru.yml
index 8b0605bbc..f2274db97 100644
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -926,3 +926,4 @@ ru:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/sk.yml b/config/locales/sk.yml
index dd23496b9..8c73612e1 100644
--- a/config/locales/sk.yml
+++ b/config/locales/sk.yml
@@ -800,3 +800,4 @@ sk:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/sl.yml b/config/locales/sl.yml
index f3f4d2fa8..676f744ff 100644
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
@@ -798,3 +798,4 @@ sl:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/sr.yml b/config/locales/sr.yml
index ed56fda99..8c6a753a0 100644
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
@@ -822,3 +822,4 @@
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/sv.yml b/config/locales/sv.yml
index 3a7add901..47e33f356 100644
--- a/config/locales/sv.yml
+++ b/config/locales/sv.yml
@@ -856,3 +856,4 @@ sv:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/th.yml b/config/locales/th.yml
index a24682700..2f5bc7404 100644
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
@@ -799,3 +799,4 @@ th:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/tr.yml b/config/locales/tr.yml
index c167d9215..4ab554291 100644
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -835,3 +835,4 @@ tr:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/uk.yml b/config/locales/uk.yml
index 719b2c3f5..5a7da7e77 100644
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
@@ -798,3 +798,4 @@ uk:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/vi.yml b/config/locales/vi.yml
index b981752ce..d6885501b 100644
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
@@ -868,3 +868,4 @@ vi:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 1c84c9931..a9cfc4afe 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -906,3 +906,4 @@
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
index 3145d303a..cce3115c4 100644
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -831,3 +831,4 @@ zh:
 mail_body_wiki_content_added: The '{{page}}' wiki page has been added by {{author}}.
 label_wiki_content_updated: Wiki page updated
 mail_body_wiki_content_updated: The '{{page}}' wiki page has been updated by {{author}}.
+ permission_add_project: Create project
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 5ac32b2fe..6188e7e5e 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -20,6 +20,7 @@ REDMINE_SUPPORTED_SCM = %w( Subversion Darcs Mercurial Cvs Bazaar Git Filesystem
 Redmine::AccessControl.map do |map|
 map.permission :view_project, {:projects => [:show, :activity]}, :public => true
 map.permission :search_project, {:search => :index}, :public => true
+ map.permission :add_project, {:projects => :add}, :require => :loggedin
 map.permission :edit_project, {:projects => [:settings, :edit]}, :require => :member
 map.permission :select_project_modules, {:projects => :modules}, :require => :member
 map.permission :manage_members, {:projects => :settings, :members => [:new, :edit, :destroy, :autocomplete_for_member_login]}, :require => :member
diff --git a/test/fixtures/roles.yml b/test/fixtures/roles.yml
index d8ae2c819..0bd078441 100644
--- a/test/fixtures/roles.yml
+++ b/test/fixtures/roles.yml
@@ -5,6 +5,7 @@ roles_001:
 builtin: 0
permissions: |
---
+ - :add_project
- :edit_project
- :manage_members
- :manage_versions
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 2fba106e3..0560a54b6 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -89,6 +89,56 @@ class ProjectsControllerTest < Test::Unit::TestCase
 )
 end
+ def test_get_add
+ @request.session[:user_id] = 1
+ get :add
+ assert_response :success
+ assert_template 'add'
+ end
+
+ def test_get_add_by_non_admin
+ @request.session[:user_id] = 2
+ get :add
+ assert_response :success
+ assert_template 'add'
+ end
+
+ def test_post_add
+ @request.session[:user_id] = 1
+ post :add, :project => { :name => "blog",
+ :description => "weblog",
+ :identifier => "blog",
+ :is_public => 1,
+ :custom_field_values => { '3' => 'Beta' }
+ }
+ assert_redirected_to '/projects/blog/settings'
+
+ project = Project.find_by_name('blog')
+ assert_kind_of Project, project
+ assert_equal 'weblog', project.description
+ assert_equal true, project.is_public?
+ end
+
+ def test_post_add_by_non_admin
+ @request.session[:user_id] = 2
+ post :add, :project => { :name => "blog",
+ :description => "weblog",
+ :identifier => "blog",
+ :is_public => 1,
+ :custom_field_values => { '3' => 'Beta' }
+ }
+ assert_redirected_to '/projects/blog/settings'
+
+ project = Project.find_by_name('blog')
+ assert_kind_of Project, project
+ assert_equal 'weblog', project.description
+ assert_equal true, project.is_public?
+
+ # User should be added as a project member
+ assert User.find(2).member_of?(project)
+ assert_equal 1, project.members.size
+ end
+
 def test_show_routing
 assert_routing(
 {:method => :get, :path => '/projects/test'},
diff --git a/test/integration/admin_test.rb b/test/integration/admin_test.rb
index 6c1db7503..dd14e6661 100644
--- a/test/integration/admin_test.rb
+++ b/test/integration/admin_test.rb
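Review bot: The four tests added to ProjectsControllerTest cover only the allowed paths (user 1, presumably the admin, and user 2, whose role presumably gains `:add_project` through the fixture change), so nothing pins the denial side of the new `authorize_global` filter. A request to `add` from a session with no user, and another from a logged-in user whose roles lack `:add_project`, should each assert that no `Project` is created. That would catch a regression that opens project creation to everyone. `test_post_add_by_non_admin` could also assert which role the new member received, since the controller picks it by position.

```ruby
def test_post_add_without_permission_should_not_create_project
  @request.session[:user_id] = nil
  post :add, :project => { :name => "blog",
                           :description => "weblog",
                           :identifier => "blog",
                           :is_public => 1 }
  # ... also assert the denial response produced by deny_access (not visible in this diff) ...
  assert_nil Project.find_by_name('blog')
end
```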
@@ -39,28 +39,4 @@ class AdminTest < ActionController::IntegrationTest
 locked_user = User.try_to_login("psmith", "psmith09")
 assert_equal nil, locked_user
 end
-
- def test_add_project
- log_user("admin", "admin")
- get "projects/new"
- assert_response :success
- assert_template "projects/add"
- post "projects", :project => { :name => "blog",
- :description => "weblog",
- :identifier => "blog",
- :is_public => 1,
- :custom_field_values => { '3' => 'Beta' }
- }
- assert_redirected_to "admin/projects"
- assert_equal 'Successful creation.', flash[:notice]
-
- project = Project.find_by_name("blog")
- assert_kind_of Project, project
- assert_equal "weblog", project.description
- assert_equal true, project.is_public?
-
- get "admin/projects"
- assert_response :success
- assert_template "admin/projects"
- end
 end |