Reverts r19569 (#33071).

404 error after deleting an attachment.


git-svn-id: http://svn.redmine.org/redmine/trunk@19579 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/attachments_controller.rb

@@ -25,8 +25,6 @@ class AttachmentsController < ApplicationController
   before_action :delete_authorize, :only => :destroy
   before_action :authorize_global, :only => :upload
 
-  require_sudo_mode :destroy
-
   # Disable check for same origin requests for JS files, i.e. attachments with
   # MIME type text/javascript.
   skip_after_action :verify_same_origin_request, :only => :download

app/controllers/boards_controller.rb

@@ -22,8 +22,6 @@ class BoardsController < ApplicationController
   before_action :find_project_by_project_id, :find_board_if_available, :authorize
   accept_rss_auth :index, :show
 
-  require_sudo_mode :destroy
-
   helper :sort
   include SortHelper
   helper :watchers

app/controllers/comments_controller.rb

@@ -24,8 +24,6 @@ class CommentsController < ApplicationController
   before_action :find_project_from_association
   before_action :authorize
 
-  require_sudo_mode :destroy
-
   def create
     raise Unauthorized unless @news.commentable?
 

app/controllers/documents_controller.rb

@@ -25,8 +25,6 @@ class DocumentsController < ApplicationController
   before_action :find_project_from_association, :except => [:index, :new, :create]
   before_action :authorize
 
-  require_sudo_mode :destroy
-
   helper :attachments
   helper :custom_fields
 

app/controllers/issues_controller.rb

@@ -28,8 +28,6 @@ class IssuesController < ApplicationController
   accept_rss_auth :index, :show
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 
   helper :journals

app/controllers/messages_controller.rb

@@ -25,8 +25,6 @@ class MessagesController < ApplicationController
   before_action :find_message, :except => [:new, :preview]
   before_action :authorize, :except => [:preview, :edit, :destroy]
 
-  require_sudo_mode :destroy
-
   helper :boards
   helper :watchers
   helper :attachments

app/controllers/news_controller.rb

@@ -28,8 +28,6 @@ class NewsController < ApplicationController
   accept_rss_auth :index
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   helper :watchers
   helper :attachments
 

app/controllers/repositories_controller.rb

@@ -36,8 +36,6 @@ class RepositoriesController < ApplicationController
   before_action :authorize
   accept_rss_auth :revisions
 
-  require_sudo_mode :destroy
-
   rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
 
   def new

app/controllers/timelog_controller.rb

@@ -33,8 +33,6 @@ class TimelogController < ApplicationController
   accept_rss_auth :index
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   rescue_from Query::StatementInvalid, :with => :query_statement_invalid
 
   helper :issues

app/controllers/versions_controller.rb

@@ -27,8 +27,6 @@ class VersionsController < ApplicationController
 
   accept_api_auth :index, :show, :create, :update, :destroy
 
-  require_sudo_mode :destroy
-
   helper :custom_fields
   helper :projects
 

app/controllers/wiki_controller.rb

@@ -39,8 +39,6 @@ class WikiController < ApplicationController
   before_action :find_attachments, :only => [:preview]
   accept_api_auth :index, :show, :update, :destroy
 
-  require_sudo_mode :destroy, :destroy_version
-
   helper :attachments
   include AttachmentsHelper
   helper :watchers

app/controllers/wikis_controller.rb

@@ -21,8 +21,6 @@ class WikisController < ApplicationController
   menu_item :settings
   before_action :find_project, :authorize
 
-  require_sudo_mode :destroy, only: :post
-
   # Delete a project's wiki
   def destroy
     if request.post? && params[:confirm] && @project.wiki

config/configuration.yml.example

@@ -169,8 +169,7 @@ default:
 
   # Requires users to re-enter their password for sensitive actions (editing
   # of account data, project memberships, application settings, user, group,
-  # role, auth source management, project deletion and deletion of contents
-  # such as issues, attachments and wiki pages). Disabled by default.
+  # role, auth source management and project deletion). Disabled by default.
   # Timeout is set in minutes.
   #
   #sudo_mode: true

test/integration/sudo_mode_test.rb

@@ -3,9 +3,7 @@
 require File.expand_path('../../test_helper', __FILE__)
 
 class SudoModeTest < Redmine::IntegrationTest
-  fixtures :projects, :members, :member_roles, :roles, :users,
-           :email_addresses, :trackers, :projects_trackers, :enabled_modules,
-           :issue_statuses, :issues, :enumerations
+  fixtures :projects, :members, :member_roles, :roles, :users, :email_addresses
 
   def setup
     Redmine::SudoMode.stubs(:enabled?).returns(true)
@@ -194,24 +192,6 @@ class SudoModeTest < Redmine::IntegrationTest
     end
   end
 
-  def test_destroy_issue
-    log_user 'dlopper', 'foo'
-    expire_sudo_mode!
-    delete '/issues/2'
-    assert_response :success
-    assert_select 'h2', 'Confirm your password to continue'
-    assert_select 'form[action="/issues/2"]'
-    assert_select '#flash_error', 0
-
-    delete '/issues/2', :params => {:sudo_password => 'wrong'}
-    assert_response :success
-    assert_select 'h2', 'Confirm your password to continue'
-
-    assert_difference 'Issue.count', -1 do
-      delete '/issues/2', :params => {:sudo_password => 'foo'}
-    end
-  end
-
   private
 
   # sudo mode is active after sign, let it expire by advancing the time