Diffstat (limited to 'test')
-rw-r--r-- | test/functional/attachments_controller_test.rb | 21 | ||||
-rw-r--r-- | test/functional/issues_controller_test.rb | 13 |
2 files changed, 34 insertions, 0 deletions
diff --git a/test/functional/attachments_controller_test.rb b/test/functional/attachments_controller_test.rb
index 7ffe20423..ffd4ed954 100644
--- a/test/functional/attachments_controller_test.rb
+++ b/test/functional/attachments_controller_test.rb
@@ -676,4 +676,25 @@ class AttachmentsControllerTest < Redmine::ControllerTest
 assert_response 302
 assert Attachment.find_by_id(3)
 end
+
+ def test_destroy_issue_attachment_by_user_without_edit_issue_permission_on_tracker
+ role = Role.find(2)
+ role.set_permission_trackers 'edit_issues', [2, 3]
+ role.save!
+
+ @request.session[:user_id] = 2
+
+ set_tmp_attachments_directory
+ assert_no_difference 'Attachment.count' do
+ delete(
+ :destroy,
+ :params => {
+ :id => 7
+ }
+ )
+ end
+
+ assert_response 403
+ assert Attachment.find_by_id(7)
+ end
 end
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 3491e0c2d..2e663c1c3 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -2687,6 +2687,19 @@ class IssuesControllerTest < Redmine::ControllerTest
 assert_select 'div.attachments .icon-edit', 0
 end
 
+ def test_show_should_not_display_delete_attachment_icon_for_user_without_edit_issue_permission_on_tracker
+ role = Role.find(2)
+ role.set_permission_trackers 'edit_issues', [2, 3]
+ role.save!
+
+ @request.session[:user_id] = 2
+
+ get :show, params: {id: 4}
+
+ assert_response :success
+ assert_select 'div.attachments .icon-del', 0
+ end
+
 def test_get_new
 @request.session[:user_id] = 2
 get :new, :params => { |
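Review bot: The new destroy test in attachments_controller_test.rb never establishes why user 2 must be refused. It relies on attachment 7 sitting on an issue whose tracker is outside `[2, 3]`, which only the fixtures encode. If that fixture moved, or the 403 came from an unrelated authorization rule, the test would stop exercising the tracker restriction without saying so. Assuming the container is an issue, pin the precondition before the request with `assert_not_includes [2, 3], Attachment.find(7).container.tracker_id`, and consider a positive control where the tracker is allowed and the delete succeeds. The same implicit fixture dependency applies to issue 4 in the issues_controller_test.rb hunk.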
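Review bot: In the new show test in issues_controller_test.rb, `assert_select 'div.attachments .icon-del', 0` passes vacuously if issue 4 renders no attachments for this user. In that case it would not catch a regression that brings the delete icon back. Check that there is something to hide, for example `assert Issue.find(4).attachments.any?` before the request (whether the fixtures attach files to issue 4 is not visible here, so confirm). As a style point, the added call uses `params: {id: 4}` while the adjacent context line uses `:params => {`; follow whichever form the file prefers.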