summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--app/models/issue_import.rb2
-rw-r--r--app/models/time_entry_import.rb2
-rw-r--r--app/views/issues/index.html.erb2
-rw-r--r--app/views/timelog/index.html.erb2
-rw-r--r--test/functional/imports_controller_test.rb12
5 files changed, 16 insertions, 4 deletions
diff --git a/app/models/issue_import.rb b/app/models/issue_import.rb
index d7e0919d3..57305e38f 100644
--- a/app/models/issue_import.rb
+++ b/app/models/issue_import.rb
@@ -50,7 +50,7 @@ class IssueImport < Import
end
def self.authorized?(user)
- user.allowed_to?(:import_issues, nil, :global => true)
+ user.allowed_to?(:import_issues, nil, :global => true) && user.allowed_to?(:add_issues, nil, :global => true)
end
# Returns the objects that were imported
diff --git a/app/models/time_entry_import.rb b/app/models/time_entry_import.rb
index a6d05f520..01fde3488 100644
--- a/app/models/time_entry_import.rb
+++ b/app/models/time_entry_import.rb
@@ -32,7 +32,7 @@ class TimeEntryImport < Import
end
def self.authorized?(user)
- user.allowed_to?(:import_time_entries, nil, :global => true)
+ user.allowed_to?(:import_time_entries, nil, :global => true) && user.allowed_to?(:log_time, nil, :global => true)
end
# Returns the objects that were imported
diff --git a/app/views/issues/index.html.erb b/app/views/issues/index.html.erb
index 997a64e55..796c56f0a 100644
--- a/app/views/issues/index.html.erb
+++ b/app/views/issues/index.html.erb
@@ -7,7 +7,7 @@
<%= link_to l(:field_summary), project_issues_report_path(@project), :class => 'icon icon-stats' %>
<% end %>
- <% if User.current.allowed_to?(:import_issues, @project, :global => true) %>
+ <% if User.current.allowed_to?(:import_issues, @project, :global => true) && User.current.allowed_to?(:add_issues, @project, :global => true) %>
<%= link_to l(:button_import), new_issues_import_path(:project_id => @project), :class => 'icon icon-import' %>
<% end %>
diff --git a/app/views/timelog/index.html.erb b/app/views/timelog/index.html.erb
index a045e4743..d9db32405 100644
--- a/app/views/timelog/index.html.erb
+++ b/app/views/timelog/index.html.erb
@@ -3,7 +3,7 @@
_new_time_entry_path(@project, @query.filtered_issue_id),
:class => 'icon icon-time-add' if User.current.allowed_to?(:log_time, @project, :global => true) %>
<%= actions_dropdown do %>
- <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) %>
+ <% if User.current.allowed_to?(:import_time_entries, @project, :global => true) && User.current.allowed_to?(:log_time, @project, :global => true) %>
<%= link_to l(:button_import), new_time_entries_import_path(:project_id => @project), :class => 'icon icon-import' %>
<% end %>
diff --git a/test/functional/imports_controller_test.rb b/test/functional/imports_controller_test.rb
index c368b64b9..1a49010d2 100644
--- a/test/functional/imports_controller_test.rb
+++ b/test/functional/imports_controller_test.rb
@@ -52,6 +52,18 @@ class ImportsControllerTest < Redmine::ControllerTest
assert_select 'input[name=?][type=?][value=?]', 'project_id', 'hidden', 'subproject1'
end
+ def test_new_issue_import_without_add_issues_permission
+ Role.all.map { |role| role.remove_permission! :add_issues }
+ get(:new, :params => {:type => 'IssueImport', :project_id => 'subproject1'})
+ assert_response :forbidden
+ end
+
+ def test_new_time_entry_import_without_log_time_permission
+ Role.all.map { |role| role.remove_permission! :log_time }
+ get(:new, :params => {:type => 'TimeEntryImport', :project_id => 'subproject1'})
+ assert_response :forbidden
+ end
+
def test_create_should_save_the_file
import = new_record(Import) do
post(
6534/stable27 Nextcloud server, a safe home for all your data: https://github.com/nextcloud/serverwww-data
aboutsummaryrefslogtreecommitdiffstats
path: root/.github/workflows/phpunit-mariadb.yml
blob: c545e2136a6fa061cb0a4c5390e6828c58f889fd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144