Fix that Log time and/or Add notes sections from issue form page do not show or hide dynamically based on user permission (#34641).

git-svn-id: https://svn.redmine.org/redmine/trunk@21495 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-10-26 07:46:17 +01:00 · 2022-03-22 07:03:19 +00:00
parent 2e86acfa87
commit 30d91c8503
5 changed files with 55 additions and 13 deletions
--- a/app/views/issues/_edit.html.erb
+++ b/app/views/issues/_edit.html.erb
@@ -9,8 +9,8 @@
        </div>
        </fieldset>
    <% end %>
-    <% if User.current.allowed_to?(:log_time, @project) %>
-        <fieldset class="tabular"><legend><%= l(:button_log_time) %></legend>
+    <% if User.current.allowed_to?(:log_time, @issue.project) %>
+        <fieldset class="tabular" id="log_time"><legend><%= l(:button_log_time) %></legend>
        <%= labelled_fields_for :time_entry, @time_entry do |time_entry| %>
        <div class="splitcontent">
        <div class="splitcontentleft">
@@ -28,7 +28,7 @@
    </fieldset>
    <% end %>
    <% if @issue.notes_addable? %>
-      <fieldset><legend><%= l(:field_notes) %></legend>
+      <fieldset id="add_notes"><legend><%= l(:field_notes) %></legend>
      <%= f.text_area :notes, :cols => 60, :rows => 10, :class => 'wiki-edit',
            :data => {
                :auto_complete => true
@@ -43,7 +43,7 @@
      <%= call_hook(:view_issues_edit_notes_bottom, { :issue => @issue, :notes => @notes, :form => f }) %>
      </fieldset>

-      <fieldset><legend><%= l(:label_attachment_plural) %></legend>
+      <fieldset id="add_attachments"><legend><%= l(:label_attachment_plural) %></legend>
        <% if @issue.attachments.any? && @issue.safe_attribute?('deleted_attachment_ids') %>
        <div class="contextual"><%= link_to l(:label_edit_attachments), '#', :onclick => "$('#existing-attachments').toggle(); return false;" %></div>
        <div id="existing-attachments" style="<%= @issue.deleted_attachment_ids.blank? ? 'display:none;' : '' %>">
--- a/app/views/issues/edit.js.erb
+++ b/app/views/issues/edit.js.erb
@@ -1,7 +1 @@
-replaceIssueFormWith('<%= escape_javascript(render :partial => 'form') %>');
-
-<% if User.current.allowed_to?(:log_time, @issue.project) %>
-  $('#log_time').show();
-<% else %>
-  $('#log_time').hide();
-<% end %>
+replaceIssueFormWith('<%= escape_javascript(render :partial => 'edit') %>');
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -622,8 +622,13 @@ function replaceIssueFormWith(html){
      replacement.find('#'+object_id).val($(this).val());
    }
  });
-  $('#all_attributes').empty();
-  $('#all_attributes').prepend(replacement);
+
+  if ($('form.new_issue').length > 0) {
+    $('#all_attributes').empty();
+    $('#all_attributes').prepend(replacement);
+  } else {
+    $('#issue-form').replaceWith(replacement);
+  }
 }

 function updateBulkEditFrom(url) {
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -81,6 +81,12 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
    assert_equal '/my/page', current_path
  end

+  def wait_for_ajax
+    Timeout.timeout(Capybara.default_max_wait_time) do
+      loop until page.evaluate_script("jQuery.active").zero?
+    end
+  end
+
  def clear_downloaded_files
    FileUtils.rm downloaded_files
  end
--- a/test/system/issues_test.rb
+++ b/test/system/issues_test.rb
@@ -587,4 +587,41 @@ class IssuesSystemTest < ApplicationSystemTestCase
      assert page.has_text? 'Related to Bug #7'
    end
  end
+
+  def test_update_issue_form_should_include_time_entry_form_only_for_users_with_permission
+    log_user('jsmith', 'jsmith')
+
+    visit '/issues/2'
+    page.first(:link, 'Edit').click
+
+    # assert log time form exits for user with required permissions on the current project
+    assert page.has_css?('#log_time')
+
+    # Change project to trigger an update on issue form
+    page.find('#issue_project_id').select('» Private child of eCookbook')
+    wait_for_ajax
+
+    # assert log time form does not exist anymore for user without required permissions on the new project
+    assert_not page.has_css?('#log_time')
+  end
+
+  def test_update_issue_form_should_include_add_notes_form_only_for_users_with_permission
+    log_user('jsmith', 'jsmith')
+
+    visit '/issues/2'
+    page.first(:link, 'Edit').click
+
+    # assert add notes form exits for user with required permissions on the current project
+    assert page.has_css?('#add_notes')
+
+    # remove add issue notes permission from Manager role
+    Role.find_by_name('Manager').remove_permission! :add_issue_notes
+
+    # Change project to trigger an update on issue form
+    page.find('#issue_project_id').select('» Private child of eCookbook')
+    wait_for_ajax
+
+    # assert add notes form does not exist anymore for user without required permissions on the new project
+    assert_not page.has_css?('#add_notes')
+  end
 end