From 07b44a46628c1fc5ac9797b3b376f48c986c8d1b Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 13 Dec 2014 14:01:56 +0000
Subject: Droped legacy behaviour that allows a user to edit a few attributes of an issue without the edit_issues permission if a status transition is allowed (#15988). Now that we can control permission on each field, this behaviour is no longer needed. The edit_issues permission is now required, which is consistent with the current requirements for bulk edition.
git-svn-id: http://svn.redmine.org/redmine/trunk@13746 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/models/issue.rb | 8 ----
 app/views/issues/_edit.html.erb | 2 +-
 test/functional/issues_controller_test.rb | 62 -------------------------------
 3 files changed, 1 insertion(+), 71 deletions(-)
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 84a5d7b6c..31c427bd6 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -405,14 +405,6 @@ class Issue < ActiveRecord::Base
 'notes',
 :if => lambda {|issue, user| issue.new_record? || user.allowed_to?(:edit_issues, issue.project) }
- safe_attributes 'status_id',
- 'assigned_to_id',
- 'fixed_version_id',
- 'done_ratio',
- 'lock_version',
- 'notes',
- :if => lambda {|issue, user| issue.new_statuses_allowed_to(user).any? }
-
 safe_attributes 'notes',
 :if => lambda {|issue, user| user.allowed_to?(:add_issue_notes, issue.project)}
diff --git a/app/views/issues/_edit.html.erb b/app/views/issues/_edit.html.erb
index e09a72695..b16e85f2f 100644
--- a/app/views/issues/_edit.html.erb
+++ b/app/views/issues/_edit.html.erb
@@ -2,7 +2,7 @@
 <%= error_messages_for 'issue', 'time_entry' %>
 <%= render :partial => 'conflict' if @conflict %>
- <% if @edit_allowed || !@allowed_statuses.empty? %>
+ <% if @edit_allowed %>
<%= l(:label_change_properties) %>
<%= render :partial => 'form', :locals => {:f => f} %>
diff --git a/test/functional/issues_controller_test.rb b/test/functional/issues_controller_test.rb
index 75368d9f9..25829e733 100644
--- a/test/functional/issues_controller_test.rb
+++ b/test/functional/issues_controller_test.rb
@@ -979,34 +979,6 @@ class IssuesControllerTest < ActionController::TestCase
 end
 end
- def test_show_should_display_update_form_with_workflow_permissions
- Role.find(1).update_attribute :permissions, [:view_issues, :add_issue_notes]
-
- @request.session[:user_id] = 2
- get :show, :id => 1
- assert_response :success
-
- assert_select 'form#issue-form' do
- assert_select 'input[name=?]', 'issue[is_private]', 0
- assert_select 'select[name=?]', 'issue[project_id]', 0
- assert_select 'select[name=?]', 'issue[tracker_id]', 0
- assert_select 'input[name=?]', 'issue[subject]', 0
- assert_select 'textarea[name=?]', 'issue[description]', 0
- assert_select 'select[name=?]', 'issue[status_id]'
- assert_select 'select[name=?]', 'issue[priority_id]', 0
- assert_select 'select[name=?]', 'issue[assigned_to_id]'
- assert_select 'select[name=?]', 'issue[category_id]', 0
- assert_select 'select[name=?]', 'issue[fixed_version_id]'
- assert_select 'input[name=?]', 'issue[parent_issue_id]', 0
- assert_select 'input[name=?]', 'issue[start_date]', 0
- assert_select 'input[name=?]', 'issue[due_date]', 0
- assert_select 'select[name=?]', 'issue[done_ratio]'
- assert_select 'input[name=?]', 'issue[custom_field_values][2]', 0
- assert_select 'input[name=?]', 'issue[watcher_user_ids][]', 0
- assert_select 'textarea[name=?]', 'issue[notes]'
- end
- end
-
 def test_show_should_not_display_update_form_without_permissions
 Role.find(1).update_attribute :permissions, [:view_issues]
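Review bot: In app/views/issues/_edit.html.erb the new `<% if @edit_allowed %>` guard only hides the properties fieldset; it is not the access check, which after this commit is the remaining `:edit_issues` condition on `safe_attributes` in app/models/issue.rb. `@edit_allowed` is assigned outside this diff, so it is worth confirming that it is computed from the same `:edit_issues` permission, otherwise the form and the model can disagree about who may edit. The test hunks delete the four "with workflow privilege #update" cases without adding a negative one. A functional test that reuses `setup_with_workflow_privilege` (which presumably grants no `edit_issues`), submits `:status_id => 3`, and asserts the status is unchanged would pin the new rule for requests that bypass the form. The template's enclosing block continues outside the hunk.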
@@ -2405,40 +2377,6 @@ class IssuesControllerTest < ActionController::TestCase
 end
 private :setup_with_workflow_privilege
- test "with workflow privilege #update should accept authorized status" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:status_id => 3, :notes => 'just trying'}
- end
- assert_equal 3, Issue.find(1).status_id
- end
-
- test "with workflow privilege #update should ignore unauthorized status" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:status_id => 2, :notes => 'just trying'}
- end
- assert_equal 1, Issue.find(1).status_id
- end
-
- test "with workflow privilege #update should accept authorized attributes changes" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:assigned_to_id => 2, :notes => 'just trying'}
- end
- issue = Issue.find(1)
- assert_equal 2, issue.assigned_to_id
- end
-
- test "with workflow privilege #update should ignore unauthorized attributes changes" do
- setup_with_workflow_privilege
- assert_difference 'Journal.count' do
- put :update, :id => 1, :issue => {:subject => 'changed', :notes => 'just trying'}
- end
- issue = Issue.find(1)
- assert_equal "Can't print recipes", issue.subject
- end
-
 def setup_with_workflow_privilege_and_edit_issues_permission
 setup_with_workflow_privilege
 Role.anonymous.add_permission! :add_issues, :edit_issues
-- cgit v1.2.3