Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-15 17:56:03 +01:00
Code Issues Packages Projects Releases Activity

Don't consider roles without issue add/edit permissions for determining fields permissions (#15988).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@13747 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2014-12-13 14:31:58 +00:00
parent 07b44a4662
commit 453803c68f
3 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/models/issue.rb
View File

@@ -539,6 +539,7 @@ class Issue < ActiveRecord::Base
user_real = user || User.current user_real = user || User.current
roles = user_real.admin ? Role.all.to_a : user_real.roles_for_project(project) roles = user_real.admin ? Role.all.to_a : user_real.roles_for_project(project)
roles = roles.select(&:consider_workflow?)
return {} if roles.empty? return {} if roles.empty?
result = {} result = {}

4
app/models/role.rb
View File

@@ -113,6 +113,10 @@ class Role < ActiveRecord::Base
!permissions.nil? && permissions.include?(perm.to_sym) !permissions.nil? && permissions.include?(perm.to_sym)
end end
def consider_workflow?
has_permission?(:add_issues) || has_permission?(:edit_issues)
end
def <=>(role) def <=>(role)
if role if role
if builtin == role.builtin if builtin == role.builtin

23
test/unit/issue_test.rb
View File

@@ -914,6 +914,29 @@ class IssueTest < ActiveSupport::TestCase
assert_equal %w(due_date), issue.read_only_attribute_names(user) assert_equal %w(due_date), issue.read_only_attribute_names(user)
end end
def test_workflow_rules_should_ignore_roles_without_issue_permissions
role = Role.generate! :permissions => [:view_issues, :edit_issues]
ignored_role = Role.generate! :permissions => [:view_issues]
WorkflowPermission.delete_all
WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,
:role => role, :field_name => 'due_date',
:rule => 'required')
WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,
:role => role, :field_name => 'start_date',
:rule => 'readonly')
WorkflowPermission.create!(:old_status_id => 1, :tracker_id => 1,
:role => role, :field_name => 'done_ratio',
:rule => 'readonly')
user = User.generate!
User.add_to_project user, Project.find(1), [role, ignored_role]
issue = Issue.new(:project_id => 1, :tracker_id => 1, :status_id => 1)
assert_equal %w(due_date), issue.required_attribute_names(user)
assert_equal %w(done_ratio start_date), issue.read_only_attribute_names(user).sort
end
def test_copy def test_copy
issue = Issue.new.copy_from(1) issue = Issue.new.copy_from(1)
assert issue.copy? assert issue.copy?