From 62c83bdd2e1b06fcd873ba6d638c0bf59e390958 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Thu, 24 Dec 2009 16:18:15 +0000 Subject: Adds a 'Add subprojects' permission. * 'Add project' permission will let user create a root project * 'Add subprojects' permission will let project members create subprojects git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3238 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- test/functional/projects_controller_test.rb | 218 ++++++++++++++++++++-------- test/unit/project_test.rb | 2 +- 2 files changed, 156 insertions(+), 64 deletions(-) (limited to 'test') diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb index 6bdfc167c..6c88e41d7 100644 --- a/test/functional/projects_controller_test.rb +++ b/test/functional/projects_controller_test.rb @@ -89,71 +89,163 @@ class ProjectsControllerTest < ActionController::TestCase ) end - def test_get_add - @request.session[:user_id] = 1 - get :add - assert_response :success - assert_template 'add' - end - - def test_get_add_by_non_admin - @request.session[:user_id] = 2 - get :add - assert_response :success - assert_template 'add' - end - - def test_post_add - @request.session[:user_id] = 1 - post :add, :project => { :name => "blog", - :description => "weblog", - :identifier => "blog", - :is_public => 1, - :custom_field_values => { '3' => 'Beta' } - } - assert_redirected_to '/projects/blog/settings' - - project = Project.find_by_name('blog') - assert_kind_of Project, project - assert_equal 'weblog', project.description - assert_equal true, project.is_public? - assert_nil project.parent - end - - def test_post_add_subproject - @request.session[:user_id] = 1 - post :add, :project => { :name => "blog", - :description => "weblog", - :identifier => "blog", - :is_public => 1, - :custom_field_values => { '3' => 'Beta' }, - :parent_id => 1 - } - assert_redirected_to '/projects/blog/settings' - - project = Project.find_by_name('blog') - assert_kind_of Project, project - assert_equal Project.find(1), project.parent - end - - def test_post_add_by_non_admin - @request.session[:user_id] = 2 - post :add, :project => { :name => "blog", - :description => "weblog", - :identifier => "blog", - :is_public => 1, - :custom_field_values => { '3' => 'Beta' } - } - assert_redirected_to '/projects/blog/settings' + context "#add" do + context "by admin user" do + setup do + @request.session[:user_id] = 1 + end + + should "accept get" do + get :add + assert_response :success + assert_template 'add' + end + + should "accept post" do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' } + } + assert_redirected_to '/projects/blog/settings' + + project = Project.find_by_name('blog') + assert_kind_of Project, project + assert_equal 'weblog', project.description + assert_equal true, project.is_public? + assert_nil project.parent + end + + should "accept post with parent" do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' }, + :parent_id => 1 + } + assert_redirected_to '/projects/blog/settings' + + project = Project.find_by_name('blog') + assert_kind_of Project, project + assert_equal Project.find(1), project.parent + end + end - project = Project.find_by_name('blog') - assert_kind_of Project, project - assert_equal 'weblog', project.description - assert_equal true, project.is_public? + context "by non-admin user with add_project permission" do + setup do + Role.non_member.add_permission! :add_project + @request.session[:user_id] = 9 + end + + should "accept get" do + get :add + assert_response :success + assert_template 'add' + assert_no_tag :select, :attributes => {:name => 'project[parent_id]'} + end + + should "accept post" do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' } + } + + assert_redirected_to '/projects/blog/settings' + + project = Project.find_by_name('blog') + assert_kind_of Project, project + assert_equal 'weblog', project.description + assert_equal true, project.is_public? + + # User should be added as a project member + assert User.find(9).member_of?(project) + assert_equal 1, project.members.size + end + + should "fail with parent_id" do + assert_no_difference 'Project.count' do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' }, + :parent_id => 1 + } + end + assert_response :success + project = assigns(:project) + assert_kind_of Project, project + assert_not_nil project.errors.on(:parent_id) + end + end - # User should be added as a project member - assert User.find(2).member_of?(project) - assert_equal 1, project.members.size + context "by non-admin user with add_subprojects permission" do + setup do + Role.find(1).remove_permission! :add_project + Role.find(1).add_permission! :add_subprojects + @request.session[:user_id] = 2 + end + + should "accept get" do + get :add, :parent_id => 'ecookbook' + assert_response :success + assert_template 'add' + # parent project selected + assert_tag :select, :attributes => {:name => 'project[parent_id]'}, + :child => {:tag => 'option', :attributes => {:value => '1', :selected => 'selected'}} + # no empty value + assert_no_tag :select, :attributes => {:name => 'project[parent_id]'}, + :child => {:tag => 'option', :attributes => {:value => ''}} + end + + should "accept post with parent_id" do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' }, + :parent_id => 1 + } + assert_redirected_to '/projects/blog/settings' + project = Project.find_by_name('blog') + end + + should "fail without parent_id" do + assert_no_difference 'Project.count' do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' } + } + end + assert_response :success + project = assigns(:project) + assert_kind_of Project, project + assert_not_nil project.errors.on(:parent_id) + end + + should "fail with unauthorized parent_id" do + assert !User.find(2).member_of?(Project.find(6)) + assert_no_difference 'Project.count' do + post :add, :project => { :name => "blog", + :description => "weblog", + :identifier => "blog", + :is_public => 1, + :custom_field_values => { '3' => 'Beta' }, + :parent_id => 6 + } + end + assert_response :success + project = assigns(:project) + assert_kind_of Project, project + assert_not_nil project.errors.on(:parent_id) + end + end end def test_show_routing diff --git a/test/unit/project_test.rb b/test/unit/project_test.rb index 0633c95de..e61ab03fc 100644 --- a/test/unit/project_test.rb +++ b/test/unit/project_test.rb @@ -282,7 +282,7 @@ class ProjectTest < ActiveSupport::TestCase user = User.find(9) assert user.memberships.empty? User.current = user - assert Project.new.allowed_parents.empty? + assert Project.new.allowed_parents.compact.empty? end def test_users_by_role -- cgit v1.2.3