5 files changed, 120 insertions, 8 deletions

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 1db5e6ff8..37825c995 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -467,7 +467,13 @@ class IssuesController < ApplicationController
     if @issue.project
       @issue.tracker ||= @issue.allowed_target_trackers.first
       if @issue.tracker.nil?
-        render_error l(:error_no_tracker_in_project)
+        if @issue.project.trackers.any?
+          # None of the project trackers is allowed to the user
+          render_error :message => l(:error_no_tracker_allowed_for_new_issue_in_project), :status => 403
+        else
+          # Project has no trackers
+          render_error l(:error_no_tracker_in_project)
+        end
         return false
       end
       if @issue.status.nil?
diff --git a/app/models/issue.rb b/app/models/issue.rb
index d6133d3a9..2baaea3f8 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -1368,16 +1368,27 @@ class Issue < ActiveRecord::Base
  
   # Returns a scope of trackers that user can assign the issue to
   def allowed_target_trackers(user=User.current)
-    if project
-      self.class.allowed_target_trackers(project, user, tracker_id_was)
-    else
-      Tracker.none
-    end
+    self.class.allowed_target_trackers(project, user, tracker_id_was)
   end
 
   # Returns a scope of trackers that user can assign project issues to
   def self.allowed_target_trackers(project, user=User.current, current_tracker=nil)
-    project.trackers.sorted
+    if project
+      scope = project.trackers.sorted
+      unless user.admin?
+        roles = user.roles_for_project(project).select {|r| r.has_permission?(:add_issues)}
+        unless roles.any? {|r| r.permissions_all_trackers?(:add_issues)}
+          tracker_ids = roles.map {|r| r.permissions_tracker_ids(:add_issues)}.flatten.uniq
+          if current_tracker
+            tracker_ids << current_tracker
+          end
+          scope = scope.where(:id => tracker_ids)
+        end
+      end
+      scope
+    else
+      Tracker.none
+    end
   end
 
   private
diff --git a/app/models/issue_import.rb b/app/models/issue_import.rb
index b6b20a1b1..5b19ac966 100644
--- a/app/models/issue_import.rb
+++ b/app/models/issue_import.rb
@@ -37,7 +37,7 @@ class IssueImport < Import
   # Returns a scope of trackers that user is allowed to
   # import issue to
   def allowed_target_trackers
-    project.trackers
+    Issue.allowed_target_trackers(project, user)
   end
 
   def tracker
diff --git a/app/models/role.rb b/app/models/role.rb
index defbc311d..89538aa4d 100644
--- a/app/models/role.rb
+++ b/app/models/role.rb
@@ -73,6 +73,7 @@ class Role < ActiveRecord::Base
   acts_as_positioned :scope => :builtin
 
   serialize :permissions, ::Role::PermissionsAttributeCoder
+  store :settings, :accessors => [:permissions_all_trackers, :permissions_tracker_ids]
   attr_protected :builtin
 
   validates_presence_of :name
@@ -188,6 +189,56 @@ class Role < ActiveRecord::Base
     setable_permissions
   end
 
+  def permissions_tracker_ids(*args)
+    if args.any?
+      Array(permissions_tracker_ids[args.first.to_s]).map(&:to_i)
+    else
+      super || {}
+    end
+  end
+
+  def permissions_tracker_ids=(arg)
+    h = arg.to_hash
+    h.values.each {|v| v.reject!(&:blank?)}
+    super(h)
+  end
+
+  # Returns true if tracker_id belongs to the list of
+  # trackers for which permission is given 
+  def permissions_tracker_ids?(permission, tracker_id)
+    permissions_tracker_ids(permission).include?(tracker_id)
+  end
+
+  def permissions_all_trackers
+    super || {}
+  end
+
+  def permissions_all_trackers=(arg)
+    super(arg.to_hash)
+  end
+
+  # Returns true if permission is given for all trackers
+  def permissions_all_trackers?(permission)
+    permissions_all_trackers[permission.to_s].to_s != '0'
+  end
+
+  # Sets the trackers that are allowed for a permission.
+  # tracker_ids can be an array of tracker ids or :all for
+  # no restrictions.
+  #
+  # Examples:
+  #   role.set_permission_trackers :add_issues, [1, 3]
+  #   role.set_permission_trackers :add_issues, :all
+  def set_permission_trackers(permission, tracker_ids)
+    h = {permission.to_s => (tracker_ids == :all ? '1' : '0')}
+    self.permissions_all_trackers = permissions_all_trackers.merge(h)
+
+    h = {permission.to_s => (tracker_ids == :all ? [] : tracker_ids)}
+    self.permissions_tracker_ids = permissions_tracker_ids.merge(h)
+
+    self
+  end
+
   # Find all the roles that can be given to a project member
   def self.find_all_givable
     Role.givable.to_a
diff --git a/app/views/roles/_form.html.erb b/app/views/roles/_form.html.erb
index 84d5de185..524c273d0 100644
--- a/app/views/roles/_form.html.erb
+++ b/app/views/roles/_form.html.erb
@@ -62,6 +62,50 @@
 <%= hidden_field_tag 'role[permissions][]', '' %>
 </div>
 
+<div id="role-permissions-trackers">
+<h3><%= l(:label_issue_tracking) %></h3>
+<% permissions = %w(add_issues) %>
+<table class="list">
+  <thead>
+    <tr>
+      <th><%= l(:label_tracker) %></th>
+      <% permissions.each do |permission| %>
+      <th><%= l("permission_#{permission}") %></th>
+      <% end %>
+  </thead>
+  <tbody>
+    <tr>
+      <td class="name"><b><%= l(:label_tracker_all) %></b></td>
+      <% permissions.each do |permission| %>
+      <td>
+        <%= hidden_field_tag "role[permissions_all_trackers][#{permission}]", '0', :id => nil %>
+        <%= check_box_tag "role[permissions_all_trackers][#{permission}]",
+              '1',
+              @role.permissions_all_trackers?(permission),
+              :data => {:disables => ".#{permission}_tracker"} %>
+      </td>
+      <% end %>
+    </tr>
+    <% Tracker.sorted.all.each do |tracker| %>
+    <tr>
+      <td class="name"><%= tracker.name %></td>
+      <% permissions.each do |permission| %>
+      <td><%= check_box_tag "role[permissions_tracker_ids][#{permission}][]",
+                tracker.id,
+                @role.permissions_tracker_ids?(permission, tracker.id),
+                :class => "#{permission}_tracker",
+                :id => "role_permissions_tracker_ids_add_issues_#{tracker.id}" %></td>
+      <% end %>
+    </tr>
+    <% end %>
+  </tbody>
+</table>
+
+<% permissions.each do |permission| %>
+  <%= hidden_field_tag "role[permissions_tracker_ids][#{permission}][]", '' %>
+<% end %>
+</div>
+
 <%= javascript_tag do %>
 $(document).ready(function(){
   $("#role_permissions_manage_members").change(function(){