mirror of
https://github.com/redmine/redmine.git
synced 2025-10-31 18:36:07 +01:00
Only admin users should be able to manage public queries on the project list (#29482).
Like for issues, project members with the "Manage public queries" permission are allowed to manage public queries inside their projects, not public global queries that are proposed on /issues. git-svn-id: http://svn.redmine.org/redmine/trunk@19091 e93f8b46-1217-0410-a6f0-8f06a7374b81
@@ -126,7 +126,7 @@ class QueriesController < ApplicationController
|
|||||||
@query.column_names = nil if params[:default_columns]
|
@query.column_names = nil if params[:default_columns]
|
||||||
@query.sort_criteria = (params[:query] && params[:query][:sort_criteria]) || @query.sort_criteria
|
@query.sort_criteria = (params[:query] && params[:query][:sort_criteria]) || @query.sort_criteria
|
||||||
@query.name = params[:query] && params[:query][:name]
|
@query.name = params[:query] && params[:query][:name]
|
||||||
if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin? || (@query.type == 'ProjectQuery' && User.current.allowed_to?(:manage_public_queries, @query.project, :global => true))
|
if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?
|
||||||
@query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
|
@query.visibility = (params[:query] && params[:query][:visibility]) || Query::VISIBILITY_PRIVATE
|
||||||
@query.role_ids = params[:query] && params[:query][:role_ids]
|
@query.role_ids = params[:query] && params[:query][:role_ids]
|
||||||
else
|
else
|
||||||
|
|||||||
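Review bot: The admin-only rule for project-list queries is only implicit in the new guard `if User.current.allowed_to?(:manage_public_queries, @query.project) || User.current.admin?`: it no longer looks at `@query.type`, so it presumably holds only while a ProjectQuery never carries a project, and the place where `@query.project` is assigned is outside this hunk. If that assumption is intended, a comment above the guard should say so, for example `# A ProjectQuery is expected to have no project, so only admins reach this branch for it`; a stricter option is to test the type directly, `User.current.admin? || (@query.type != 'ProjectQuery' && User.current.allowed_to?(:manage_public_queries, @query.project))`. The view hunk repeats the same expression and would need the same treatment, which suggests moving the check into a single helper used by both. The enclosing method starts and ends outside the hunk.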
@@ -8,8 +8,7 @@
|
|||||||
<%= text_field 'query', 'name', :size => 80 %></p>
|
<%= text_field 'query', 'name', :size => 80 %></p>
|
||||||
|
|
||||||
<% if User.current.admin? ||
|
<% if User.current.admin? ||
|
||||||
User.current.allowed_to?(:manage_public_queries, @query.project) ||
|
User.current.allowed_to?(:manage_public_queries, @query.project) %>
|
||||||
@query.type == 'ProjectQuery' && User.current.allowed_to?(:manage_public_queries, @query.project, :global => true) %>
|
|
||||||
<p><label><%=l(:field_visible)%></label>
|
<p><label><%=l(:field_visible)%></label>
|
||||||
<label class="block"><%= radio_button 'query', 'visibility', Query::VISIBILITY_PRIVATE %> <%= l(:label_visibility_private) %></label>
|
<label class="block"><%= radio_button 'query', 'visibility', Query::VISIBILITY_PRIVATE %> <%= l(:label_visibility_private) %></label>
|
||||||
<label class="block"><%= radio_button 'query', 'visibility', Query::VISIBILITY_PUBLIC %> <%= l(:label_visibility_public) %></label>
|
<label class="block"><%= radio_button 'query', 'visibility', Query::VISIBILITY_PUBLIC %> <%= l(:label_visibility_public) %></label>
|
||||||
|
|||||||
@@ -495,7 +495,7 @@ class QueriesControllerTest < Redmine::ControllerTest
|
|||||||
end
|
end
|
||||||
|
|
||||||
def test_create_public_project_query
|
def test_create_public_project_query
|
||||||
@request.session[:user_id] = 2
|
@request.session[:user_id] = 1
|
||||||
|
|
||||||
q = new_record(ProjectQuery) do
|
q = new_record(ProjectQuery) do
|
||||||
post :create, :params => {
|
post :create, :params => {
|
||||||
|
|||||||
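Review bot: The visible change to `test_create_public_project_query` only switches the session to user 1, so the new restriction itself is not pinned by any test in this hunk. A companion test that keeps `@request.session[:user_id] = 2`, posts the same parameters and asserts that the saved query's visibility is not `Query::VISIBILITY_PUBLIC` would catch a regression in the controller guard. This assumes user 2 is the non-admin fixture holding the manage-public-queries permission, which the page does not show. The test body continues outside the hunk.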