Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-10-26 07:46:17 +01:00
Code Issues Packages Projects Releases Activity

Allow normal users to delete a project (#33945).

Browse Source 
Patch by Holger Just.


git-svn-id: http://svn.redmine.org/redmine/trunk@20034 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA
2020-09-15 04:15:13 +00:00
parent 607071128f
commit dbe76a23b3
9 changed files with 59 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/controllers/projects_controller.rb
View File

@@ -23,9 +23,9 @@ class ProjectsController < ApplicationController
menu_item :projects, :only => [:index, :new, :copy, :create]
before_action :find_project, :except => [ :index, :autocomplete, :list, :new, :create, :copy ]
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive, :destroy]
before_action :authorize, :except => [ :index, :autocomplete, :list, :new, :create, :copy, :archive, :unarchive]
before_action :authorize_global, :only => [:new, :create]
before_action :require_admin, :only => [ :copy, :archive, :unarchive, :destroy ]
before_action :require_admin, :only => [ :copy, :archive, :unarchive ]
accept_rss_auth :index
accept_api_auth :index, :show, :create, :update, :destroy
require_sudo_mode :destroy
@@ -259,11 +259,16 @@ class ProjectsController < ApplicationController
# Delete @project
def destroy
unless @project.deletable?
deny_access
return
end
@project_to_destroy = @project
if api_request? || params[:confirm]
@project_to_destroy.destroy
respond_to do |format|
format.html { redirect_to admin_projects_path }
format.html { redirect_to User.current.admin? ? admin_projects_path : projects_path }
format.api { render_api_ok }
end
end

8
app/models/project.rb
View File

@@ -709,6 +709,14 @@ class Project < ActiveRecord::Base
end
end
def deletable?(user = User.current)
if user.admin?
return true
else
user.allowed_to?(:delete_project, self) && leaf?
end
end
# Return the enabled module with the given name
# or nil if the module is not enabled for the project
def enabled_module(name)

2
app/views/projects/destroy.html.erb
View File

@@ -19,6 +19,6 @@
<p>
<%= submit_tag l(:button_delete) %>
<%= link_to l(:button_cancel), :controller => 'admin', :action => 'projects' %>
<%= link_to l(:button_cancel), User.current.admin? ? admin_projects_path : projects_path %>
</p>
<% end %>

3
app/views/projects/show.html.erb
View File

@@ -12,6 +12,9 @@
<%= link_to l(:button_reopen), reopen_project_path(@project), :data => {:confirm => l(:text_are_you_sure)}, :method => :post, :class => 'icon icon-unlock' %>
<% end %>
<% end %>
<% if @project.deletable? %>
<%= link_to l(:button_delete), project_path(@project), :method => :delete, :class => 'icon icon-del' %>
<% end %>
<%= link_to_if_authorized l(:label_settings),
{:controller => 'projects', :action => 'settings', :id => @project},
:class => 'icon icon-settings' if User.current.allowed_to?(:edit_project, @project) %>

1
config/locales/de.yml
View File

@@ -917,6 +917,7 @@ de:
permission_delete_issues: Tickets löschen
permission_delete_messages: Forenbeiträge löschen
permission_delete_own_messages: Eigene Forenbeiträge löschen
permission_delete_project: Projekt löschen
permission_delete_wiki_pages: Wiki-Seiten löschen
permission_delete_wiki_pages_attachments: Anhänge löschen
permission_delete_documents: Dokumente löschen

1
config/locales/en.yml
View File

@@ -508,6 +508,7 @@ en:
permission_add_subprojects: Create subprojects
permission_edit_project: Edit project
permission_close_project: Close / reopen the project
permission_delete_project: Delete the project
permission_select_project_modules: Select project modules
permission_manage_members: Manage members
permission_manage_project_activities: Manage project activities

1
lib/redmine.rb
View File

@@ -84,6 +84,7 @@ Redmine::AccessControl.map do |map|
map.permission :add_project, {:projects => [:new, :create]}, :require => :loggedin
map.permission :edit_project, {:projects => [:settings, :edit, :update]}, :require => :member
map.permission :close_project, {:projects => [:close, :reopen]}, :require => :member, :read => true
map.permission :delete_project, {:projects => :destroy}, :require => :member
map.permission :select_project_modules, {:projects => :modules}, :require => :member
map.permission :view_members, {:members => [:index, :show]}, :public => true, :read => true
map.permission :manage_members, {:projects => :settings, :members => [:index, :show, :new, :create, :edit, :update, :destroy, :autocomplete]}, :require => :member

2
test/fixtures/roles.yml vendored
View File

@@ -10,6 +10,7 @@ roles_001:
- :add_project
- :edit_project
- :close_project
- :delete_project
- :select_project_modules
- :manage_members
- :manage_versions
@@ -77,6 +78,7 @@ roles_002:
permissions: |
---
- :edit_project
- :delete_project
- :manage_members
- :manage_versions
- :manage_categories

34
test/functional/projects_controller_test.rb
View File

@@ -1059,6 +1059,40 @@ class ProjectsControllerTest < Redmine::ControllerTest
assert_nil Project.find_by_id(1)
end
def test_destroy_with_normal_user_should_destroy
set_tmp_attachments_directory
@request.session[:user_id] = 2 # non-admin
assert_difference 'Project.count', -1 do
delete(
:destroy,
:params => {
:id => 2,
:confirm => 1
}
)
assert_redirected_to '/projects'
end
assert_nil Project.find_by_id(2)
end
def test_destroy_with_normal_user_should_not_destroy_with_subprojects
set_tmp_attachments_directory
@request.session[:user_id] = 2 # non-admin
assert_difference 'Project.count', 0 do
delete(
:destroy,
:params => {
:id => 1,
:confirm => 1
}
)
assert_response 403
end
assert Project.find(1)
end
def test_archive
@request.session[:user_id] = 1 # admin
post(:archive, :params => {:id => 1})