2 files changed, 13 insertions, 1 deletions

diff --git a/lib/redmine/safe_attributes.rb b/lib/redmine/safe_attributes.rb
index 363048d29..1d2a3d6e1 100644
--- a/lib/redmine/safe_attributes.rb
+++ b/lib/redmine/safe_attributes.rb
@@ -74,7 +74,7 @@ module Redmine
     #   # => {'title' => 'My book'}
     def delete_unsafe_attributes(attrs, user=User.current)
       safe = safe_attribute_names(user)
-      attrs.dup.delete_if {|k,v| !safe.include?(k)}
+      attrs.dup.delete_if {|k,v| !safe.include?(k.to_s)}
     end
 
     # Sets attributes from attrs that are safe
diff --git a/test/functional/roles_controller_test.rb b/test/functional/roles_controller_test.rb
index ba26e0c63..ea2ccb018 100644
--- a/test/functional/roles_controller_test.rb
+++ b/test/functional/roles_controller_test.rb
@@ -39,6 +39,18 @@ class RolesControllerTest < Redmine::ControllerTest
     get :new
     assert_response :success
     assert_select 'input[name=?]', 'role[name]'
+    assert_select 'input[name=?]', 'role[permissions][]'
+  end
+
+  def test_new_should_prefill_permissions_with_non_member_permissions
+    role = Role.non_member
+    role.permissions = [:view_issues, :view_documents]
+    role.save!
+
+    get :new
+    assert_response :success
+    assert_equal %w(view_documents view_issues),
+      css_select('input[name="role[permissions][]"][checked=checked]').map {|e| e.attr('value')}.sort
   end
 
   def test_new_with_copy