-rw-r--r--app/models/issue_import.rb2
-rw-r--r--app/models/time_entry_import.rb2
-rw-r--r--app/views/issues/index.html.erb2
-rw-r--r--app/views/timelog/index.html.erb2
-rw-r--r--test/functional/imports_controller_test.rb12
5 files changed, 16 insertions, 4 deletions
diff --git a/app/models/issue_import.rb b/app/models/issue_import.rb
index d7e0919d3..57305e38f 100644
--- a/app/models/issue_import.rb
+++ b/app/models/issue_import.rb
@@ -50,7 +50,7 @@ class IssueImport < Import
end
def self.authorized?(user)
- user.allowed_to?(:import_issues, nil, :global => true)
+ user.allowed_to?(:import_issues, nil, :global => true) && user.allowed_to?(:add_issues, nil, :global => true)
end
# Returns the objects that were imported
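Review bot: Both checks in `IssueImport.authorized?` are global (`nil, :global => true`), so as far as this hunk shows they can be satisfied by roles in two different projects, `:import_issues` in one and `:add_issues` in another. That covers a user who has `:add_issues` nowhere, but it does not by itself tie the right to create issues to the project the imported rows end up in. The code that resolves the import's target project is outside the hunk, so it is worth confirming that it also requires `:add_issues` on that project. The same applies to `:log_time` in `TimeEntryImport.authorized?` in the next file. A short comment above the method, such as `# Importing creates issues, so :add_issues is required in addition to :import_issues`, would record why two permissions are checked.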
diff --git a/app/models/time_entry_import.rb b/app/models/time_entry_import.rb
index a6d05f520..01fde3488 100644
--- a/app/models/time_entry_import.rb
+++ b/app/models/time_entry_import.rb
@@ -32,7 +32,7 @@ class TimeEntryImport < Import
end
def self.authorized?(user)
- user.allowed_to?(:import_time_entries, nil, :global => true)
+ user.allowed_to?(:import_time_entries, nil, :global => true) && user.allowed_to?(:log_time, nil, :global => true)
end
# Returns the objects that were imported
diff --git a/app/views/issues/index.html.erb b/app/views/issues/index.html.erb
index 997a64e55..796c56f0a 100644
--- a/app/views/issues/index.html.erb
+++ b/app/views/issues/index.html.erb
@@ -7,7 +7,7 @@
<%= link_to l(:field_summary), project_issues_report_path(@project), :class => 'icon icon-stats' %>
<% end %>
- <% if User.current.allowed_to?(:import_issues, @project, :global => true) %>
+ <% if User.current.allowed_to?(:import_issues, @project, :global => true) && User.current.allowed_to?(:add_issues, @project, :global => true) %>
<%= link_to l(:button_import), new_issues_import_path(:project_id => @project), :class => 'icon icon-import' %>
<% end %>
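Review bot: The `<% if %>` condition repeats the permission pair from `IssueImport.authorized?` inline instead of going through one shared predicate, so the link's visibility and the server-side check can drift apart the next time the rule changes. The view checks against `@project` while the model check passes `nil`, so the two already answer slightly different questions; that is acceptable only because hiding the link is not the enforcement point. Consider a small helper that takes the project and the two permission names, used here and in `timelog/index.html.erb`, where the same pattern appears with `:log_time`.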
diff --git a/app/views/timelog/index.html.erb b/app/views/timelog/index.html.erb
index a045e4743..d9db32405 100644
--- a/app/views/timelog/index.html.erb
+++ b/app/views/timelog/index.html.erb
@@ -3,7 +3,7 @@
_new_time_entry_path(@project, @query.filtered_issue_id),
:class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project, :global => true) %>
<%= actions_dropdown do %>
- <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) %>
+ <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) && User.current.allowed_to?(:log_time, @project, :global => true) %>
<%= link_to l(:button_import), new_time_entries_import_path(:project_id => @project), :class => 'icon icon-import' %>
<% end %>
diff --git a/test/functional/imports_controller_test.rb b/test/functional/imports_controller_test.rb
index c368b64b9..1a49010d2 100644
--- a/test/functional/imports_controller_test.rb
+++ b/test/functional/imports_controller_test.rb
@@ -52,6 +52,18 @@ class ImportsControllerTest < Redmine::ControllerTest
assert_select 'input[name=?][type=?][value=?]', 'project_id', 'hidden', 'subproject1'
end
+ def test_new_issue_import_without_add_issues_permission
+ Role.all.map { |role| role.remove_permission! :add_issues }
+ get(:new, :params => {:type => 'IssueImport', :project_id => 'subproject1'})
+ assert_response :forbidden
+ end
+
+ def test_new_time_entry_import_without_log_time_permission
+ Role.all.map { |role| role.remove_permission! :log_time }
+ get(:new, :params => {:type => 'TimeEntryImport', :project_id => 'subproject1'})
+ assert_response :forbidden
+ end
+
def test_create_should_save_the_file
import = new_record(Import) do
post(
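Review bot: Both new tests exercise only `get(:new, ...)` and strip the permission from every role, so they pin the "permission held nowhere" case but neither the later import steps nor a user who holds the two permissions in different projects. If the other actions share the same authorization filter (not visible in this hunk), one more assertion that a `post` to the create action is also `:forbidden` would make that explicit. Separately, `Role.all.map { |role| role.remove_permission! :add_issues }` is called only for its side effect; `Role.all.each { |role| role.remove_permission! :add_issues }` states the intent, and likewise for `:log_time`.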