Adds permission to edit and delete issues by role/tracker (#285).

git-svn-id: http://svn.redmine.org/redmine/trunk@15466 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-04 20:35:57 +01:00 · 2016-06-05 13:45:10 +00:00
parent a23450fe08
commit c4fd1750f7
10 changed files with 106 additions and 27 deletions
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -211,6 +211,10 @@ class IssuesController < ApplicationController
      unless User.current.allowed_to?(:copy_issues, @projects)
        raise ::Unauthorized
      end
+    else
+      unless @issues.all?(&:attributes_editable?)
+        raise ::Unauthorized
+      end
    end

    @allowed_projects = Issue.allowed_target_projects
@@ -263,6 +267,10 @@ class IssuesController < ApplicationController
      unless User.current.allowed_to?(:add_issues, target_projects)
        raise ::Unauthorized
      end
+    else
+      unless @issues.all?(&:attributes_editable?)
+        raise ::Unauthorized
+      end
    end

    unsaved_issues = []
@@ -316,6 +324,7 @@ class IssuesController < ApplicationController
  end

  def destroy
+    raise Unauthorized unless @issues.all?(&:deletable?)
    @hours = TimeEntry.where(:issue_id => @issues.map(&:id)).sum(:hours).to_f
    if @hours > 0
      case params[:todo]