New Permission: Edit own issue (#1248).

Patch by Yuichi HARADA. git-svn-id: http://svn.redmine.org/redmine/trunk@18081 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-10-26 07:46:17 +01:00 · 2019-04-25 05:32:58 +00:00
parent 8703330384
commit 1ff42ec5bc
4 changed files with 22 additions and 1 deletions
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -180,7 +180,9 @@ class Issue < ActiveRecord::Base

  # Returns true if user or current user is allowed to edit the issue
  def attributes_editable?(user=User.current)
-    user_tracker_permission?(user, :edit_issues)
+    user_tracker_permission?(user, :edit_issues) || (
+      user_tracker_permission?(user, :edit_own_issues) && author == user
+    )
  end

  # Overrides Redmine::Acts::Attachable::InstanceMethods#attachments_editable?
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -488,6 +488,7 @@ en:
  permission_view_issues: View Issues
  permission_add_issues: Add issues
  permission_edit_issues: Edit issues
+  permission_edit_own_issues: Edit own issues
  permission_copy_issues: Copy issues
  permission_manage_issue_relations: Manage issue relations
  permission_set_issues_private: Set issues public or private
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -102,6 +102,7 @@ Redmine::AccessControl.map do |map|
                                  :read => true
    map.permission :add_issues, {:issues => [:new, :create], :attachments => :upload}
    map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
+    map.permission :edit_own_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update], :journals => [:new], :attachments => :upload}
    map.permission :copy_issues, {:issues => [:new, :create, :bulk_edit, :bulk_update], :attachments => :upload}
    map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
    map.permission :manage_subtasks, {}
--- a/test/unit/issue_test.rb
+++ b/test/unit/issue_test.rb
@@ -543,6 +543,23 @@ class IssueTest < ActiveSupport::TestCase
    assert_equal false, issue.deletable?(user)
  end

+  def test_issue_should_editable_by_author
+    Role.all.each do |r|
+      r.remove_permission! :edit_issues
+      r.add_permission! :edit_own_issues
+    end
+
+    issue = Issue.find(1)
+    user = User.find_by_login('jsmith')
+
+    # author
+    assert_equal user, issue.author
+    assert_equal true, issue.attributes_editable?(user)
+
+    # not author
+    assert_equal false, issue.attributes_editable?(User.find_by_login('dlopper'))
+  end
+
  def test_errors_full_messages_should_include_custom_fields_errors
    field = IssueCustomField.find_by_name('Database')