diff options
-rw-r--r-- | app/models/issue_import.rb | 2 | ||||
-rw-r--r-- | app/models/time_entry_import.rb | 2 | ||||
-rw-r--r-- | app/views/issues/index.html.erb | 2 | ||||
-rw-r--r-- | app/views/timelog/index.html.erb | 2 | ||||
-rw-r--r-- | test/functional/imports_controller_test.rb | 12 |
5 files changed, 16 insertions, 4 deletions
diff --git a/app/models/issue_import.rb b/app/models/issue_import.rb index d7e0919d3..57305e38f 100644 --- a/app/models/issue_import.rb +++ b/app/models/issue_import.rb @@ -50,7 +50,7 @@ class IssueImport < Import end def self.authorized?(user) - user.allowed_to?(:import_issues, nil, :global => true) + user.allowed_to?(:import_issues, nil, :global => true) && user.allowed_to?(:add_issues, nil, :global => true) end # Returns the objects that were imported diff --git a/app/models/time_entry_import.rb b/app/models/time_entry_import.rb index a6d05f520..01fde3488 100644 --- a/app/models/time_entry_import.rb +++ b/app/models/time_entry_import.rb @@ -32,7 +32,7 @@ class TimeEntryImport < Import end def self.authorized?(user) - user.allowed_to?(:import_time_entries, nil, :global => true) + user.allowed_to?(:import_time_entries, nil, :global => true) && user.allowed_to?(:log_time, nil, :global => true) end # Returns the objects that were imported diff --git a/app/views/issues/index.html.erb b/app/views/issues/index.html.erb index 997a64e55..796c56f0a 100644 --- a/app/views/issues/index.html.erb +++ b/app/views/issues/index.html.erb @@ -7,7 +7,7 @@ <%= link_to l(:field_summary), project_issues_report_path(@project), :class => 'icon icon-stats' %> <% end %> - <% if User.current.allowed_to?(:import_issues, @project, :global => true) %> + <% if User.current.allowed_to?(:import_issues, @project, :global => true) && User.current.allowed_to?(:add_issues, @project, :global => true) %> <%= link_to l(:button_import), new_issues_import_path(:project_id => @project), :class => 'icon icon-import' %> <% end %> diff --git a/app/views/timelog/index.html.erb b/app/views/timelog/index.html.erb index a045e4743..d9db32405 100644 --- a/app/views/timelog/index.html.erb +++ b/app/views/timelog/index.html.erb @@ -3,7 +3,7 @@ _new_time_entry_path(@project, @query.filtered_issue_id), :class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project, :global => true) %> <%= actions_dropdown do %> - <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) %> + <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) && User.current.allowed_to?(:log_time, @project, :global => true) %> <%= link_to l(:button_import), new_time_entries_import_path(:project_id => @project), :class => 'icon icon-import' %> <% end %> diff --git a/test/functional/imports_controller_test.rb b/test/functional/imports_controller_test.rb index c368b64b9..1a49010d2 100644 --- a/test/functional/imports_controller_test.rb +++ b/test/functional/imports_controller_test.rb @@ -52,6 +52,18 @@ class ImportsControllerTest < Redmine::ControllerTest assert_select 'input[name=?][type=?][value=?]', 'project_id', 'hidden', 'subproject1' end + def test_new_issue_import_without_add_issues_permission + Role.all.map { |role| role.remove_permission! :add_issues } + get(:new, :params => {:type => 'IssueImport', :project_id => 'subproject1'}) + assert_response :forbidden + end + + def test_new_time_entry_import_without_log_time_permission + Role.all.map { |role| role.remove_permission! :log_time } + get(:new, :params => {:type => 'TimeEntryImport', :project_id => 'subproject1'}) + assert_response :forbidden + end + def test_create_should_save_the_file import = new_record(Import) do post( |