From 004fc8b84b1cebc521664ca3830f969a91244e67 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Mon, 29 Jun 2015 16:06:37 +0000
Subject: Fixed that user with "Manage public queries" permission, can create
global public query (#19842).
git-svn-id: http://svn.redmine.org/redmine/trunk@14388 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
app/controllers/queries_controller.rb | 29 +++++++-----
app/models/query.rb | 4 +-
app/views/queries/_form.html.erb | 14 +++---
test/functional/queries_controller_test.rb | 73 +++++++++++++++++++++++++++---
test/test_helper.rb | 9 ++++
5 files changed, 105 insertions(+), 24 deletions(-)
diff --git a/app/controllers/queries_controller.rb b/app/controllers/queries_controller.rb
index ac91b1a15..e09790b94 100644
--- a/app/controllers/queries_controller.rb
+++ b/app/controllers/queries_controller.rb
@@ -48,17 +48,14 @@ class QueriesController < ApplicationController
@query = IssueQuery.new
@query.user = User.current
@query.project = @project
- @query.visibility = IssueQuery::VISIBILITY_PRIVATE unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
@query.build_from_params(params)
end
def create
- @query = IssueQuery.new(params[:query])
+ @query = IssueQuery.new
@query.user = User.current
- @query.project = params[:query_is_for_all] ? nil : @project
- @query.visibility = IssueQuery::VISIBILITY_PRIVATE unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
- @query.build_from_params(params)
- @query.column_names = nil if params[:default_columns]
+ @query.project = @project
+ update_query_from_params
if @query.save
flash[:notice] = l(:notice_successful_create)
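Review bot: The added `@query.project = @project` in create is dead: the first statement of update_query_from_params (later in this diff) reassigns `@query.project` from `params[:query_is_for_all]`, so the line can be dropped and create then mirrors update, which only calls the helper. Removing the forced-private line from `new` means the form now shows the model's default visibility for users without the permission; that seems harmless as long as the server-side assignment in the helper remains the only place visibility is decided, which the rest of the diff suggests but which should be confirmed against the form partial.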
@@ -72,11 +69,7 @@ class QueriesController < ApplicationController
end
def update
- @query.attributes = params[:query]
- @query.project = nil if params[:query_is_for_all]
- @query.visibility = IssueQuery::VISIBILITY_PRIVATE unless User.current.allowed_to?(:manage_public_queries, @project) || User.current.admin?
- @query.build_from_params(params)
- @query.column_names = nil if params[:default_columns]
+ update_query_from_params
if @query.save
flash[:notice] = l(:notice_successful_update)
@@ -107,6 +100,20 @@ private
render_404
end
+ def update_query_from_params
+ @query.project = params[:query_is_for_all] ? nil : @project
+ @query.build_from_params(params)
+ @query.column_names = nil if params[:default_columns]
+ @query.sort_criteria = params[:query] && params[:query][:sort_criteria]
+ @query.name = params[:query] && params[:query][:name]
+ if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
+ @query.visibility = (params[:query] && params[:query][:visibility]) || IssueQuery::VISIBILITY_PRIVATE
+ else
+ @query.visibility = IssueQuery::VISIBILITY_PRIVATE
+ end
+ @query
+ end
+
def redirect_to_issues(options)
if params[:gantt]
if @project
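Review bot: Nothing in update_query_from_params assigns `role_ids`, yet the form hunk still posts `query[role_ids][]` and the controller no longer mass-assigns `params[:query]` (the removed `IssueQuery.new(params[:query])` and `@query.attributes = params[:query]`); unless `build_from_params` (not in this diff) copies it, a role-restricted visibility would presumably be saved with its roles dropped. The permitted branch should set it explicitly next to visibility: `@query.role_ids = params[:query] && params[:query][:role_ids]`. Checking `manage_public_queries` against `@query.project` after it may have been set to nil is what makes a global query require the global permission, which is the point of #19842, so a comment on that line, `# check against the target project (nil for global queries), not @project`, would keep a later cleanup from reverting it. Whether the `visibility` value taken from params is validated against the model's allowed constants is not visible here and should be confirmed in the model.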
diff --git a/app/models/query.rb b/app/models/query.rb
index cac43a4e4..b77f76c2e 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -487,7 +487,9 @@ class Query < ActiveRecord::Base
if arg.is_a?(Hash)
arg = arg.keys.sort.collect {|k| arg[k]}
end
- c = arg.select {|k,o| !k.to_s.blank?}.slice(0,3).collect {|k,o| [k.to_s, (o == 'desc' || o == false) ? 'desc' : 'asc']}
+ if arg
+ c = arg.select {|k,o| !k.to_s.blank?}.slice(0,3).collect {|k,o| [k.to_s, (o == 'desc' || o == false) ? 'desc' : 'asc']}
+ end
write_attribute(:sort_criteria, c)
end
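Review bot: When `arg` is nil the new guard leaves `c` unassigned, and because Ruby still declares the local, `write_attribute(:sort_criteria, c)` receives nil and the stored criteria are cleared; that is the behaviour the controller now relies on via `@query.sort_criteria = params[:query] && params[:query][:sort_criteria]`, but it is implicit. A comment above the guard, `# nil clears the criteria; a Hash or Array is normalised to at most 3 [field, 'asc'|'desc'] pairs`, would state the contract. The method's signature and the Hash branch start above the hunk.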
diff --git a/app/views/queries/_form.html.erb b/app/views/queries/_form.html.erb
index fc03b857d..753eaedab 100644
--- a/app/views/queries/_form.html.erb
+++ b/app/views/queries/_form.html.erb
@@ -7,21 +7,20 @@
<%= text_field 'query', 'name', :size => 80 %>
-<% if User.current.admin? || User.current.allowed_to?(:manage_public_queries, @project) %>
+<% if User.current.admin? || User.current.allowed_to?(:manage_public_queries, @query.project) %>
+
<% Role.givable.sorted.each do |role| %>
<% end %>
-
<%= hidden_field_tag 'query[role_ids][]', '' %>
<% end %>
-<%= check_box_tag 'query_is_for_all', 1, @query.project.nil?,
- :disabled => (!@query.new_record? && (@query.project.nil? || (@query.is_public? && !User.current.admin?))) %>
+<%= check_box_tag 'query_is_for_all', 1, @query.project.nil?, :class => (User.current.admin? ? '' : 'disable-unless-private') %>
<% unless params[:gantt] %>